hxxps://download1648[.]mediafire[.]com/x4lw8p3316ugR2u52XkMiF3mLXmyAHMDPwKY8NfbCGOAz4xQFHxw8QE20WvIPIE8EPzy1BEFL3slKqTGxUZRQ8xVQe7tByQq5ipm-bgmBJio8o13pWQK9KzsTTU915X-9y5YgYbQIKFMwX4A0ajUgJB9MGKcppTD4wo1KF1iYr3B-w/vehz5gm393ydtoz/nitrogen[.]zip

Resubmissions

19/07/2024, 20:40 UTC

240719-zfx1zasdph 5

19/07/2024, 20:40 UTC

240719-zfv7dasdpe 1

19/07/2024, 20:37 UTC

240719-zd9lzsycrn 1

19/07/2024, 20:33 UTC

240719-zb32esscjc 1

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
19/07/2024, 20:37 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://download1648.mediafire.com/x4lw8p3316ugR2u52XkMiF3mLXmyAHMDPwKY8NfbCGOAz4xQFHxw8QE20WvIPIE8EPzy1BEFL3slKqTGxUZRQ8xVQe7tByQq5ipm-bgmBJio8o13pWQK9KzsTTU915X-9y5YgYbQIKFMwX4A0ajUgJB9MGKcppTD4wo1KF1iYr3B-w/vehz5gm393ydtoz/nitrogen.zip

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000_Classes\Local Settings	msedge.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
6036	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
3568	msedge.exe
3568	msedge.exe
692	msedge.exe
692	msedge.exe
2296	identity_helper.exe
2296	identity_helper.exe
6072	msedge.exe
6072	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs

pid	Process
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe

Suspicious use of FindShellTrayWindow 39 IoCs

pid	Process
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 692 wrote to memory of 4508	692	msedge.exe	85
PID 692 wrote to memory of 4508	692	msedge.exe	85
PID 692 wrote to memory of 1716	692	msedge.exe	86
PID 692 wrote to memory of 1716	692	msedge.exe	86
PID 692 wrote to memory of 1716	692	msedge.exe	86
PID 692 wrote to memory of 1716	692	msedge.exe	86
PID 692 wrote to memory of 1716	692	msedge.exe	86
PID 692 wrote to memory of 1716	692	msedge.exe	86
PID 692 wrote to memory of 1716	692	msedge.exe	86
PID 692 wrote to memory of 1716	692	msedge.exe	86
PID 692 wrote to memory of 1716	692	msedge.exe	86
PID 692 wrote to memory of 1716	692	msedge.exe	86
PID 692 wrote to memory of 1716	692	msedge.exe	86
PID 692 wrote to memory of 1716	692	msedge.exe	86
PID 692 wrote to memory of 1716	692	msedge.exe	86
PID 692 wrote to memory of 1716	692	msedge.exe	86
PID 692 wrote to memory of 1716	692	msedge.exe	86
PID 692 wrote to memory of 1716	692	msedge.exe	86
PID 692 wrote to memory of 1716	692	msedge.exe	86
PID 692 wrote to memory of 1716	692	msedge.exe	86
PID 692 wrote to memory of 1716	692	msedge.exe	86
PID 692 wrote to memory of 1716	692	msedge.exe	86
PID 692 wrote to memory of 1716	692	msedge.exe	86
PID 692 wrote to memory of 1716	692	msedge.exe	86
PID 692 wrote to memory of 1716	692	msedge.exe	86
PID 692 wrote to memory of 1716	692	msedge.exe	86
PID 692 wrote to memory of 1716	692	msedge.exe	86
PID 692 wrote to memory of 1716	692	msedge.exe	86
PID 692 wrote to memory of 1716	692	msedge.exe	86
PID 692 wrote to memory of 1716	692	msedge.exe	86
PID 692 wrote to memory of 1716	692	msedge.exe	86
PID 692 wrote to memory of 1716	692	msedge.exe	86
PID 692 wrote to memory of 1716	692	msedge.exe	86
PID 692 wrote to memory of 1716	692	msedge.exe	86
PID 692 wrote to memory of 1716	692	msedge.exe	86
PID 692 wrote to memory of 1716	692	msedge.exe	86
PID 692 wrote to memory of 1716	692	msedge.exe	86
PID 692 wrote to memory of 1716	692	msedge.exe	86
PID 692 wrote to memory of 1716	692	msedge.exe	86
PID 692 wrote to memory of 1716	692	msedge.exe	86
PID 692 wrote to memory of 1716	692	msedge.exe	86
PID 692 wrote to memory of 1716	692	msedge.exe	86
PID 692 wrote to memory of 3568	692	msedge.exe	87
PID 692 wrote to memory of 3568	692	msedge.exe	87
PID 692 wrote to memory of 1304	692	msedge.exe	88
PID 692 wrote to memory of 1304	692	msedge.exe	88
PID 692 wrote to memory of 1304	692	msedge.exe	88
PID 692 wrote to memory of 1304	692	msedge.exe	88
PID 692 wrote to memory of 1304	692	msedge.exe	88
PID 692 wrote to memory of 1304	692	msedge.exe	88
PID 692 wrote to memory of 1304	692	msedge.exe	88
PID 692 wrote to memory of 1304	692	msedge.exe	88
PID 692 wrote to memory of 1304	692	msedge.exe	88
PID 692 wrote to memory of 1304	692	msedge.exe	88
PID 692 wrote to memory of 1304	692	msedge.exe	88
PID 692 wrote to memory of 1304	692	msedge.exe	88
PID 692 wrote to memory of 1304	692	msedge.exe	88
PID 692 wrote to memory of 1304	692	msedge.exe	88
PID 692 wrote to memory of 1304	692	msedge.exe	88
PID 692 wrote to memory of 1304	692	msedge.exe	88
PID 692 wrote to memory of 1304	692	msedge.exe	88
PID 692 wrote to memory of 1304	692	msedge.exe	88
PID 692 wrote to memory of 1304	692	msedge.exe	88
PID 692 wrote to memory of 1304	692	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://download1648.mediafire.com/x4lw8p3316ugR2u52XkMiF3mLXmyAHMDPwKY8NfbCGOAz4xQFHxw8QE20WvIPIE8EPzy1BEFL3slKqTGxUZRQ8xVQe7tByQq5ipm-bgmBJio8o13pWQK9KzsTTU915X-9y5YgYbQIKFMwX4A0ajUgJB9MGKcppTD4wo1KF1iYr3B-w/vehz5gm393ydtoz/nitrogen.zip
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc014346f8,0x7ffc01434708,0x7ffc01434718
  2⤵
  PID:4508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1832,15741467362105893173,4818817107009915417,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2044 /prefetch:2
  2⤵
  PID:1716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1832,15741467362105893173,4818817107009915417,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1832,15741467362105893173,4818817107009915417,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:8
  2⤵
  PID:1304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,15741467362105893173,4818817107009915417,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:1940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,15741467362105893173,4818817107009915417,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:2156
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1832,15741467362105893173,4818817107009915417,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5672 /prefetch:8
  2⤵
  PID:1400
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1832,15741467362105893173,4818817107009915417,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5672 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,15741467362105893173,4818817107009915417,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4764 /prefetch:1
  2⤵
  PID:5092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,15741467362105893173,4818817107009915417,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5896 /prefetch:1
  2⤵
  PID:3644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,15741467362105893173,4818817107009915417,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6064 /prefetch:1
  2⤵
  PID:4672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,15741467362105893173,4818817107009915417,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3988 /prefetch:1
  2⤵
  PID:3396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,15741467362105893173,4818817107009915417,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6256 /prefetch:1
  2⤵
  PID:1552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,15741467362105893173,4818817107009915417,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6392 /prefetch:1
  2⤵
  PID:4192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,15741467362105893173,4818817107009915417,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6740 /prefetch:1
  2⤵
  PID:5384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,15741467362105893173,4818817107009915417,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6960 /prefetch:1
  2⤵
  PID:5428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,15741467362105893173,4818817107009915417,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7176 /prefetch:1
  2⤵
  PID:5688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,15741467362105893173,4818817107009915417,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6552 /prefetch:1
  2⤵
  PID:5920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1832,15741467362105893173,4818817107009915417,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7392 /prefetch:8
  2⤵
  PID:6052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,15741467362105893173,4818817107009915417,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7292 /prefetch:1
  2⤵
  PID:6060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1832,15741467362105893173,4818817107009915417,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7316 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,15741467362105893173,4818817107009915417,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6268 /prefetch:1
  2⤵
  PID:5924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,15741467362105893173,4818817107009915417,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3028 /prefetch:1
  2⤵
  PID:5940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,15741467362105893173,4818817107009915417,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7572 /prefetch:1
  2⤵
  PID:3608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,15741467362105893173,4818817107009915417,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7464 /prefetch:1
  2⤵
  PID:5572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1832,15741467362105893173,4818817107009915417,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4868 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3512

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3344

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4740

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5580

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\nitrogen\README.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:6036

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
1⤵
PID:6080

Network

DNS

232.168.11.51.in-addr.arpa

Remote address:

8.8.8.8:53

Request

232.168.11.51.in-addr.arpa

IN PTR

Response
DNS

download1648.mediafire.com

msedge.exe

Remote address:

8.8.8.8:53

Request

download1648.mediafire.com

IN A

Response

download1648.mediafire.com

IN A

199.91.152.148
GET

https://download1648.mediafire.com/x4lw8p3316ugR2u52XkMiF3mLXmyAHMDPwKY8NfbCGOAz4xQFHxw8QE20WvIPIE8EPzy1BEFL3slKqTGxUZRQ8xVQe7tByQq5ipm-bgmBJio8o13pWQK9KzsTTU915X-9y5YgYbQIKFMwX4A0ajUgJB9MGKcppTD4wo1KF1iYr3B-w/vehz5gm393ydtoz/nitrogen.zip

msedge.exe

Remote address:

199.91.152.148:443

Request

GET /x4lw8p3316ugR2u52XkMiF3mLXmyAHMDPwKY8NfbCGOAz4xQFHxw8QE20WvIPIE8EPzy1BEFL3slKqTGxUZRQ8xVQe7tByQq5ipm-bgmBJio8o13pWQK9KzsTTU915X-9y5YgYbQIKFMwX4A0ajUgJB9MGKcppTD4wo1KF1iYr3B-w/vehz5gm393ydtoz/nitrogen.zip HTTP/1.1
Host: download1648.mediafire.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
DNT: 1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 302 Found

server: bd-0.1.27
location: https://www.mediafire.com/download_repair.php?flag=9&dkey=x4lw8p3316ugR2u52XkMiF3mLXmyAHMDPwKY8NfbCGOAz4xQFHxw8QE20WvIPIE8EPzy1BEFL3slKqTGxUZRQ8xVQe7tByQq5ipm%2DbgmBJio8o13pWQK9KzsTTU915X%2D9y5YgYbQIKFMwX4A0ajUgJB9MGKcppTD4wo1KF1iYr3B%2Dw&qkey=vehz5gm393ydtoz&ip=194%2E110%2E13%2E70
content-length: 0
date: Fri, 19 Jul 2024 20:37:27 GMT
DNS

45.56.20.217.in-addr.arpa

Remote address:

8.8.8.8:53

Request

45.56.20.217.in-addr.arpa

IN PTR

Response
DNS

134.32.126.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

134.32.126.40.in-addr.arpa

IN PTR

Response
DNS

148.152.91.199.in-addr.arpa

Remote address:

8.8.8.8:53

Request

148.152.91.199.in-addr.arpa

IN PTR

Response
DNS

233.38.18.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

233.38.18.104.in-addr.arpa

IN PTR

Response
DNS

www.mediafire.com

msedge.exe

Remote address:

8.8.8.8:53

Request

www.mediafire.com

IN A

Response

www.mediafire.com

IN A

104.16.113.74

www.mediafire.com

IN A

104.16.114.74
GET

https://www.mediafire.com/download_repair.php?flag=9&dkey=x4lw8p3316ugR2u52XkMiF3mLXmyAHMDPwKY8NfbCGOAz4xQFHxw8QE20WvIPIE8EPzy1BEFL3slKqTGxUZRQ8xVQe7tByQq5ipm%2DbgmBJio8o13pWQK9KzsTTU915X%2D9y5YgYbQIKFMwX4A0ajUgJB9MGKcppTD4wo1KF1iYr3B%2Dw&qkey=vehz5gm393ydtoz&ip=194%2E110%2E13%2E70

msedge.exe

Remote address:

104.16.113.74:443

Request

GET /download_repair.php?flag=9&dkey=x4lw8p3316ugR2u52XkMiF3mLXmyAHMDPwKY8NfbCGOAz4xQFHxw8QE20WvIPIE8EPzy1BEFL3slKqTGxUZRQ8xVQe7tByQq5ipm%2DbgmBJio8o13pWQK9KzsTTU915X%2D9y5YgYbQIKFMwX4A0ajUgJB9MGKcppTD4wo1KF1iYr3B%2Dw&qkey=vehz5gm393ydtoz&ip=194%2E110%2E13%2E70 HTTP/2.0
host: www.mediafire.com
dnt: 1
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Fri, 19 Jul 2024 20:37:28 GMT
content-type: text/html; charset=UTF-8
cf-ray: 8a5d8275da109565-LHR
cf-cache-status: DYNAMIC
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, max-age=0, post-check=0, pre-check=0
expires: 0
set-cookie: ukey=zw9q7d8nbn2f9b5tvckzk3gimo1fruj3; expires=Tue, 19-Jul-2044 20:37:28 GMT; Max-Age=631152000; path=/; domain=.mediafire.com; HttpOnly
access-control-allow-methods: OPTIONS, POST, GET
alt-svc: h3=":443"; ma=86400
content-security-policy: frame-ancestors *.mediafire.com
pragma: no-cache
x-frame-options: SAMEORIGIN
x-mf-env: liveApi
x-mf-fe: mf2
x-robots-tag: noindex, nofollow
set-cookie: dr_vehz5gm393ydtoz=1; expires=Fri, 19-Jul-2024 20:47:28 GMT; Max-Age=600; path=/; domain=.mediafire.com; HttpOnly
set-cookie: __cf_bm=mmv0rjuqB6qiJsj6ItaIvkSGemeJTQLCLKawH2K_t2U-1721421448-1.0.1.1-xu4KePR.o8wiuj4PPjT7NlGWZpaC3ZPx2a_gaxQTfZnvnx81Y6Lx3qD1POlYAj_CnfkpJX73l5AzV3JwE0Ig.w; path=/; expires=Fri, 19-Jul-24 21:07:28 GMT; domain=.mediafire.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
content-encoding: gzip
GET

https://static.mediafire.com/css/mfv3_121931.php?ver=ssl

msedge.exe

Remote address:

104.16.113.74:443

Request

GET /css/mfv3_121931.php?ver=ssl HTTP/2.0
host: static.mediafire.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/css,*/*;q=0.1
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ukey=zw9q7d8nbn2f9b5tvckzk3gimo1fruj3
cookie: dr_vehz5gm393ydtoz=1
cookie: __cf_bm=mmv0rjuqB6qiJsj6ItaIvkSGemeJTQLCLKawH2K_t2U-1721421448-1.0.1.1-xu4KePR.o8wiuj4PPjT7NlGWZpaC3ZPx2a_gaxQTfZnvnx81Y6Lx3qD1POlYAj_CnfkpJX73l5AzV3JwE0Ig.w

Response

HTTP/2.0 200

date: Fri, 19 Jul 2024 20:37:28 GMT
content-type: text/css;charset=UTF-8
pragma: public
cache-control: max-age=
expires: Fri, 02 Aug 2024 17:00:04 GMT
x-mf-env: liveApi
x-mf-fe: mf2
access-control-allow-origin: *
access-control-allow-methods: OPTIONS, POST, GET
alt-svc: h3=":443"; ma=86400
last-modified: Fri, 19 Jul 2024 17:00:04 GMT
cf-cache-status: HIT
age: 13018
vary: Accept-Encoding
server: cloudflare
cf-ray: 8a5d8277bcdc9565-LHR
content-encoding: gzip
GET

https://static.mediafire.com/css/mfv4_121931.php?ver=ssl&date=2024-07-19

msedge.exe

Remote address:

104.16.113.74:443

Request

GET /css/mfv4_121931.php?ver=ssl&date=2024-07-19 HTTP/2.0
host: static.mediafire.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/css,*/*;q=0.1
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ukey=zw9q7d8nbn2f9b5tvckzk3gimo1fruj3
cookie: dr_vehz5gm393ydtoz=1
cookie: __cf_bm=mmv0rjuqB6qiJsj6ItaIvkSGemeJTQLCLKawH2K_t2U-1721421448-1.0.1.1-xu4KePR.o8wiuj4PPjT7NlGWZpaC3ZPx2a_gaxQTfZnvnx81Y6Lx3qD1POlYAj_CnfkpJX73l5AzV3JwE0Ig.w

Response

HTTP/2.0 200

date: Fri, 19 Jul 2024 20:37:28 GMT
content-type: text/css;charset=UTF-8
pragma: public
cache-control: max-age=
expires: Fri, 02 Aug 2024 16:30:49 GMT
x-mf-env: liveApi
x-mf-fe: mf2
access-control-allow-origin: *
access-control-allow-methods: OPTIONS, POST, GET
alt-svc: h3=":443"; ma=86400
last-modified: Fri, 19 Jul 2024 16:30:49 GMT
cf-cache-status: HIT
age: 12152
vary: Accept-Encoding
server: cloudflare
cf-ray: 8a5d8277bcd99565-LHR
content-encoding: gzip
GET

https://static.mediafire.com/js/master_121931.js

msedge.exe

Remote address:

104.16.113.74:443

Request

GET /js/master_121931.js HTTP/2.0
host: static.mediafire.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ukey=zw9q7d8nbn2f9b5tvckzk3gimo1fruj3
cookie: dr_vehz5gm393ydtoz=1
cookie: __cf_bm=mmv0rjuqB6qiJsj6ItaIvkSGemeJTQLCLKawH2K_t2U-1721421448-1.0.1.1-xu4KePR.o8wiuj4PPjT7NlGWZpaC3ZPx2a_gaxQTfZnvnx81Y6Lx3qD1POlYAj_CnfkpJX73l5AzV3JwE0Ig.w

Response

HTTP/2.0 200

date: Fri, 19 Jul 2024 20:37:29 GMT
content-type: application/x-javascript
last-modified: Tue, 28 May 2024 16:29:56 GMT
vary: Accept-Encoding
etag: W/"66560684-8d73c"
expires: Sun, 18 Aug 2024 19:41:40 GMT
cache-control: max-age=2592000
content-encoding: gzip
x-mf-env: liveApi
x-mf-fe: mf1
access-control-allow-origin: *
access-control-allow-methods: OPTIONS, POST, GET
alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
age: 368
server: cloudflare
cf-ray: 8a5d82789e1a9565-LHR
GET

https://static.mediafire.com/images/backgrounds/header/mf_logo_u1_full_color_reversed.svg

msedge.exe

Remote address:

104.16.113.74:443

Request

GET /images/backgrounds/header/mf_logo_u1_full_color_reversed.svg HTTP/2.0
host: static.mediafire.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ukey=zw9q7d8nbn2f9b5tvckzk3gimo1fruj3
cookie: dr_vehz5gm393ydtoz=1
cookie: __cf_bm=mmv0rjuqB6qiJsj6ItaIvkSGemeJTQLCLKawH2K_t2U-1721421448-1.0.1.1-xu4KePR.o8wiuj4PPjT7NlGWZpaC3ZPx2a_gaxQTfZnvnx81Y6Lx3qD1POlYAj_CnfkpJX73l5AzV3JwE0Ig.w

Response

HTTP/2.0 200

date: Fri, 19 Jul 2024 20:37:29 GMT
content-type: image/svg+xml
last-modified: Mon, 25 Jul 2022 18:00:54 GMT
etag: W/"62deda56-121c"
x-mf-env: liveApi
x-mf-fe: mf2
access-control-allow-origin: *
access-control-allow-methods: OPTIONS, POST, GET
alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
age: 14381
vary: Accept-Encoding
server: cloudflare
cf-ray: 8a5d8278eea69565-LHR
content-encoding: gzip
GET

https://static.mediafire.com/images/backgrounds/header/mf_logo_u1_full_color.svg

msedge.exe

Remote address:

104.16.113.74:443

Request

GET /images/backgrounds/header/mf_logo_u1_full_color.svg HTTP/2.0
host: static.mediafire.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ukey=zw9q7d8nbn2f9b5tvckzk3gimo1fruj3
cookie: dr_vehz5gm393ydtoz=1
cookie: __cf_bm=mmv0rjuqB6qiJsj6ItaIvkSGemeJTQLCLKawH2K_t2U-1721421448-1.0.1.1-xu4KePR.o8wiuj4PPjT7NlGWZpaC3ZPx2a_gaxQTfZnvnx81Y6Lx3qD1POlYAj_CnfkpJX73l5AzV3JwE0Ig.w

Response

HTTP/2.0 200

date: Fri, 19 Jul 2024 20:37:29 GMT
content-type: image/svg+xml
last-modified: Mon, 25 Jul 2022 18:00:54 GMT
etag: W/"62deda56-11ca"
x-mf-env: liveApi
x-mf-fe: mf1
access-control-allow-origin: *
access-control-allow-methods: OPTIONS, POST, GET
alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
age: 14382
vary: Accept-Encoding
server: cloudflare
cf-ray: 8a5d8278eea29565-LHR
content-encoding: gzip
GET

https://www.mediafire.com/images/icons/myfiles/default.png

msedge.exe

Remote address:

104.16.113.74:443

Request

GET /images/icons/myfiles/default.png HTTP/2.0
host: www.mediafire.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.mediafire.com/download_repair.php?flag=9&dkey=x4lw8p3316ugR2u52XkMiF3mLXmyAHMDPwKY8NfbCGOAz4xQFHxw8QE20WvIPIE8EPzy1BEFL3slKqTGxUZRQ8xVQe7tByQq5ipm%2DbgmBJio8o13pWQK9KzsTTU915X%2D9y5YgYbQIKFMwX4A0ajUgJB9MGKcppTD4wo1KF1iYr3B%2Dw&qkey=vehz5gm393ydtoz&ip=194%2E110%2E13%2E70
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ukey=zw9q7d8nbn2f9b5tvckzk3gimo1fruj3
cookie: dr_vehz5gm393ydtoz=1
cookie: __cf_bm=mmv0rjuqB6qiJsj6ItaIvkSGemeJTQLCLKawH2K_t2U-1721421448-1.0.1.1-xu4KePR.o8wiuj4PPjT7NlGWZpaC3ZPx2a_gaxQTfZnvnx81Y6Lx3qD1POlYAj_CnfkpJX73l5AzV3JwE0Ig.w

Response

HTTP/2.0 200

date: Fri, 19 Jul 2024 20:37:29 GMT
content-type: image/png
content-length: 364
cf-ray: 8a5d8278eea79565-LHR
cf-cache-status: HIT
accept-ranges: bytes
access-control-allow-origin: *
age: 3696
cache-control: max-age=2592000
etag: "62deda56-1a8"
expires: Sun, 18 Aug 2024 15:57:27 GMT
last-modified: Mon, 25 Jul 2022 18:00:54 GMT
vary: Accept-Encoding
access-control-allow-methods: OPTIONS, POST, GET
alt-svc: h3=":443"; ma=86400
cf-bgj: imgq:100,h2pri
cf-polished: origSize=424
x-mf-env: liveApi
x-mf-fe: mf1
server: cloudflare
GET

https://www.mediafire.com/blank.html

msedge.exe

Remote address:

104.16.113.74:443

Request

GET /blank.html HTTP/2.0
host: www.mediafire.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.mediafire.com/download_repair.php?flag=9&dkey=x4lw8p3316ugR2u52XkMiF3mLXmyAHMDPwKY8NfbCGOAz4xQFHxw8QE20WvIPIE8EPzy1BEFL3slKqTGxUZRQ8xVQe7tByQq5ipm%2DbgmBJio8o13pWQK9KzsTTU915X%2D9y5YgYbQIKFMwX4A0ajUgJB9MGKcppTD4wo1KF1iYr3B%2Dw&qkey=vehz5gm393ydtoz&ip=194%2E110%2E13%2E70
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ukey=zw9q7d8nbn2f9b5tvckzk3gimo1fruj3
cookie: dr_vehz5gm393ydtoz=1
cookie: __cf_bm=mmv0rjuqB6qiJsj6ItaIvkSGemeJTQLCLKawH2K_t2U-1721421448-1.0.1.1-xu4KePR.o8wiuj4PPjT7NlGWZpaC3ZPx2a_gaxQTfZnvnx81Y6Lx3qD1POlYAj_CnfkpJX73l5AzV3JwE0Ig.w

Response

HTTP/2.0 200

date: Fri, 19 Jul 2024 20:37:29 GMT
content-type: text/html; charset=UTF-8
cf-ray: 8a5d82791ef29565-LHR
cf-cache-status: HIT
access-control-allow-origin: *
age: 1487124
cache-control: public, max-age=43200
expires: Sat, 20 Jul 2024 08:37:29 GMT
last-modified: Tue, 28 May 2024 16:29:37 GMT
vary: Accept-Encoding
access-control-allow-methods: OPTIONS, POST, GET
alt-svc: h3=":443"; ma=86400
content-security-policy: frame-ancestors *
x-mf-env: liveApi
x-mf-fe: mf2
server: cloudflare
content-encoding: gzip
GET

https://www.mediafire.com/templates/upgrade/upgrade_button.php

msedge.exe

Remote address:

104.16.113.74:443

Request

GET /templates/upgrade/upgrade_button.php HTTP/2.0
host: www.mediafire.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.mediafire.com/download_repair.php?flag=9&dkey=x4lw8p3316ugR2u52XkMiF3mLXmyAHMDPwKY8NfbCGOAz4xQFHxw8QE20WvIPIE8EPzy1BEFL3slKqTGxUZRQ8xVQe7tByQq5ipm%2DbgmBJio8o13pWQK9KzsTTU915X%2D9y5YgYbQIKFMwX4A0ajUgJB9MGKcppTD4wo1KF1iYr3B%2Dw&qkey=vehz5gm393ydtoz&ip=194%2E110%2E13%2E70
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ukey=zw9q7d8nbn2f9b5tvckzk3gimo1fruj3
cookie: dr_vehz5gm393ydtoz=1
cookie: __cf_bm=mmv0rjuqB6qiJsj6ItaIvkSGemeJTQLCLKawH2K_t2U-1721421448-1.0.1.1-xu4KePR.o8wiuj4PPjT7NlGWZpaC3ZPx2a_gaxQTfZnvnx81Y6Lx3qD1POlYAj_CnfkpJX73l5AzV3JwE0Ig.w

Response

HTTP/2.0 200

date: Fri, 19 Jul 2024 20:37:29 GMT
content-type: image/svg+xml
last-modified: Mon, 25 Jul 2022 18:00:54 GMT
etag: W/"62deda56-90ab"
x-mf-env: liveApi
x-mf-fe: mf1
access-control-allow-origin: *
access-control-allow-methods: OPTIONS, POST, GET
alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
age: 567
vary: Accept-Encoding
server: cloudflare
cf-ray: 8a5d82792f0b9565-LHR
content-encoding: gzip
GET

https://static.mediafire.com/images/icons/svg_dark/icons_sprite.svg

msedge.exe

Remote address:

104.16.113.74:443

Request

GET /images/icons/svg_dark/icons_sprite.svg HTTP/2.0
host: static.mediafire.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://static.mediafire.com/css/mfv4_121931.php?ver=ssl&date=2024-07-19
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ukey=zw9q7d8nbn2f9b5tvckzk3gimo1fruj3
cookie: dr_vehz5gm393ydtoz=1
cookie: __cf_bm=mmv0rjuqB6qiJsj6ItaIvkSGemeJTQLCLKawH2K_t2U-1721421448-1.0.1.1-xu4KePR.o8wiuj4PPjT7NlGWZpaC3ZPx2a_gaxQTfZnvnx81Y6Lx3qD1POlYAj_CnfkpJX73l5AzV3JwE0Ig.w

Response

HTTP/2.0 304

date: Fri, 19 Jul 2024 20:37:29 GMT
cf-ray: 8a5d8279afd49565-LHR
cf-cache-status: HIT
access-control-allow-origin: *
age: 1487124
cache-control: public, max-age=43200
etag: W/"66560671-fd"
expires: Sat, 20 Jul 2024 08:37:29 GMT
last-modified: Tue, 28 May 2024 16:29:37 GMT
vary: Accept-Encoding
access-control-allow-methods: OPTIONS, POST, GET
alt-svc: h3=":443"; ma=86400
content-security-policy: frame-ancestors *
x-mf-env: liveApi
x-mf-fe: mf2
server: cloudflare
GET

https://www.mediafire.com/blank.html

msedge.exe

Remote address:

104.16.113.74:443

Request

GET /blank.html HTTP/2.0
host: www.mediafire.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.mediafire.com/download_repair.php?flag=9&dkey=x4lw8p3316ugR2u52XkMiF3mLXmyAHMDPwKY8NfbCGOAz4xQFHxw8QE20WvIPIE8EPzy1BEFL3slKqTGxUZRQ8xVQe7tByQq5ipm%2DbgmBJio8o13pWQK9KzsTTU915X%2D9y5YgYbQIKFMwX4A0ajUgJB9MGKcppTD4wo1KF1iYr3B%2Dw&qkey=vehz5gm393ydtoz&ip=194%2E110%2E13%2E70
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ukey=zw9q7d8nbn2f9b5tvckzk3gimo1fruj3
cookie: dr_vehz5gm393ydtoz=1
cookie: __cf_bm=mmv0rjuqB6qiJsj6ItaIvkSGemeJTQLCLKawH2K_t2U-1721421448-1.0.1.1-xu4KePR.o8wiuj4PPjT7NlGWZpaC3ZPx2a_gaxQTfZnvnx81Y6Lx3qD1POlYAj_CnfkpJX73l5AzV3JwE0Ig.w
if-modified-since: Tue, 28 May 2024 16:29:37 GMT

Response

HTTP/2.0 200

date: Fri, 19 Jul 2024 20:37:29 GMT
content-type: image/svg+xml
last-modified: Mon, 25 Jul 2022 18:00:54 GMT
etag: W/"62deda56-4d3"
x-mf-env: liveApi
x-mf-fe: mf1
access-control-allow-origin: *
access-control-allow-methods: OPTIONS, POST, GET
alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
age: 2701
vary: Accept-Encoding
server: cloudflare
cf-ray: 8a5d8279f83c9565-LHR
content-encoding: gzip
GET

https://static.mediafire.com/images/backgrounds/download/download_status/download_new_key.svg

msedge.exe

Remote address:

104.16.113.74:443

Request

GET /images/backgrounds/download/download_status/download_new_key.svg HTTP/2.0
host: static.mediafire.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://static.mediafire.com/css/mfv3_121931.php?ver=ssl
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ukey=zw9q7d8nbn2f9b5tvckzk3gimo1fruj3
cookie: dr_vehz5gm393ydtoz=1
cookie: __cf_bm=mmv0rjuqB6qiJsj6ItaIvkSGemeJTQLCLKawH2K_t2U-1721421448-1.0.1.1-xu4KePR.o8wiuj4PPjT7NlGWZpaC3ZPx2a_gaxQTfZnvnx81Y6Lx3qD1POlYAj_CnfkpJX73l5AzV3JwE0Ig.w

Response

HTTP/2.0 200

date: Fri, 19 Jul 2024 20:37:29 GMT
content-type: text/html; charset=UTF-8
cf-ray: 8a5d82791ef69565-LHR
cf-cache-status: DYNAMIC
access-control-allow-origin: *
access-control-allow-methods: OPTIONS, POST, GET
alt-svc: h3=":443"; ma=86400
x-mf-env: liveApi
x-mf-fe: mf2
x-robots-tag: noindex, nofollow
vary: Accept-Encoding
server: cloudflare
content-encoding: gzip
GET

https://www.mediafire.com/blank.html

msedge.exe

Remote address:

104.16.113.74:443

Request

GET /blank.html HTTP/2.0
host: www.mediafire.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.mediafire.com/download_repair.php?flag=9&dkey=x4lw8p3316ugR2u52XkMiF3mLXmyAHMDPwKY8NfbCGOAz4xQFHxw8QE20WvIPIE8EPzy1BEFL3slKqTGxUZRQ8xVQe7tByQq5ipm%2DbgmBJio8o13pWQK9KzsTTU915X%2D9y5YgYbQIKFMwX4A0ajUgJB9MGKcppTD4wo1KF1iYr3B%2Dw&qkey=vehz5gm393ydtoz&ip=194%2E110%2E13%2E70
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ukey=zw9q7d8nbn2f9b5tvckzk3gimo1fruj3
cookie: dr_vehz5gm393ydtoz=1
cookie: __cf_bm=mmv0rjuqB6qiJsj6ItaIvkSGemeJTQLCLKawH2K_t2U-1721421448-1.0.1.1-xu4KePR.o8wiuj4PPjT7NlGWZpaC3ZPx2a_gaxQTfZnvnx81Y6Lx3qD1POlYAj_CnfkpJX73l5AzV3JwE0Ig.w
if-modified-since: Tue, 28 May 2024 16:29:37 GMT

Response

HTTP/2.0 200

date: Fri, 19 Jul 2024 20:37:29 GMT
content-type: image/svg+xml
last-modified: Mon, 25 Jul 2022 18:00:54 GMT
etag: W/"62deda56-1300"
x-mf-env: liveApi
x-mf-fe: mf1
access-control-allow-origin: *
access-control-allow-methods: OPTIONS, POST, GET
alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
age: 1889
vary: Accept-Encoding
server: cloudflare
cf-ray: 8a5d827ab9349565-LHR
content-encoding: gzip
GET

https://static.mediafire.com/images/icons/svg_dark/social_icons_sprite.svg

msedge.exe

Remote address:

104.16.113.74:443

Request

GET /images/icons/svg_dark/social_icons_sprite.svg HTTP/2.0
host: static.mediafire.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://static.mediafire.com/css/mfv4_121931.php?ver=ssl&date=2024-07-19
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ukey=zw9q7d8nbn2f9b5tvckzk3gimo1fruj3
cookie: dr_vehz5gm393ydtoz=1
cookie: __cf_bm=mmv0rjuqB6qiJsj6ItaIvkSGemeJTQLCLKawH2K_t2U-1721421448-1.0.1.1-xu4KePR.o8wiuj4PPjT7NlGWZpaC3ZPx2a_gaxQTfZnvnx81Y6Lx3qD1POlYAj_CnfkpJX73l5AzV3JwE0Ig.w

Response

HTTP/2.0 304

date: Fri, 19 Jul 2024 20:37:29 GMT
cf-ray: 8a5d827a99119565-LHR
cf-cache-status: HIT
access-control-allow-origin: *
age: 1487124
cache-control: public, max-age=43200
etag: W/"66560671-fd"
expires: Sat, 20 Jul 2024 08:37:29 GMT
last-modified: Tue, 28 May 2024 16:29:37 GMT
vary: Accept-Encoding
access-control-allow-methods: OPTIONS, POST, GET
alt-svc: h3=":443"; ma=86400
content-security-policy: frame-ancestors *
x-mf-env: liveApi
x-mf-fe: mf2
server: cloudflare
GET

https://static.mediafire.com/images/icons/svg_light/facebook.svg

msedge.exe

Remote address:

104.16.113.74:443

Request

GET /images/icons/svg_light/facebook.svg HTTP/2.0
host: static.mediafire.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://static.mediafire.com/css/mfv4_121931.php?ver=ssl&date=2024-07-19
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ukey=zw9q7d8nbn2f9b5tvckzk3gimo1fruj3
cookie: dr_vehz5gm393ydtoz=1
cookie: __cf_bm=mmv0rjuqB6qiJsj6ItaIvkSGemeJTQLCLKawH2K_t2U-1721421448-1.0.1.1-xu4KePR.o8wiuj4PPjT7NlGWZpaC3ZPx2a_gaxQTfZnvnx81Y6Lx3qD1POlYAj_CnfkpJX73l5AzV3JwE0Ig.w

Response

HTTP/2.0 200

date: Fri, 19 Jul 2024 20:37:29 GMT
content-type: image/svg+xml
last-modified: Mon, 25 Jul 2022 18:00:54 GMT
etag: W/"62deda56-191"
x-mf-env: liveApi
x-mf-fe: mf1
access-control-allow-origin: *
access-control-allow-methods: OPTIONS, POST, GET
alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
age: 10484
vary: Accept-Encoding
server: cloudflare
cf-ray: 8a5d827af9849565-LHR
content-encoding: gzip
GET

https://static.mediafire.com/images/icons/svg_light/twitter.svg

msedge.exe

Remote address:

104.16.113.74:443

Request

GET /images/icons/svg_light/twitter.svg HTTP/2.0
host: static.mediafire.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://static.mediafire.com/css/mfv4_121931.php?ver=ssl&date=2024-07-19
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ukey=zw9q7d8nbn2f9b5tvckzk3gimo1fruj3
cookie: dr_vehz5gm393ydtoz=1
cookie: __cf_bm=mmv0rjuqB6qiJsj6ItaIvkSGemeJTQLCLKawH2K_t2U-1721421448-1.0.1.1-xu4KePR.o8wiuj4PPjT7NlGWZpaC3ZPx2a_gaxQTfZnvnx81Y6Lx3qD1POlYAj_CnfkpJX73l5AzV3JwE0Ig.w

Response

HTTP/2.0 200

date: Fri, 19 Jul 2024 20:37:29 GMT
content-type: image/svg+xml
last-modified: Mon, 25 Jul 2022 18:00:54 GMT
etag: W/"62deda56-3b5"
x-mf-env: liveApi
x-mf-fe: mf1
access-control-allow-origin: *
access-control-allow-methods: OPTIONS, POST, GET
alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
age: 1928
vary: Accept-Encoding
server: cloudflare
cf-ray: 8a5d827af9889565-LHR
content-encoding: gzip
GET

https://www.mediafire.com/cdn-cgi/challenge-platform/scripts/jsd/main.js

msedge.exe

Remote address:

104.16.113.74:443

Request

GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/2.0
host: www.mediafire.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ukey=zw9q7d8nbn2f9b5tvckzk3gimo1fruj3
cookie: dr_vehz5gm393ydtoz=1
cookie: __cf_bm=mmv0rjuqB6qiJsj6ItaIvkSGemeJTQLCLKawH2K_t2U-1721421448-1.0.1.1-xu4KePR.o8wiuj4PPjT7NlGWZpaC3ZPx2a_gaxQTfZnvnx81Y6Lx3qD1POlYAj_CnfkpJX73l5AzV3JwE0Ig.w

Response

HTTP/2.0 302

date: Fri, 19 Jul 2024 20:37:29 GMT
content-length: 0
location: /cdn-cgi/challenge-platform/h/b/scripts/jsd/bbfecc7f1c71/main.js?
cache-control: max-age: 300, public
access-control-allow-origin: *
vary: Accept-Encoding
server: cloudflare
cf-ray: 8a5d827b5a119565-LHR
alt-svc: h3=":443"; ma=86400
GET

https://www.mediafire.com/blank.html

msedge.exe

Remote address:

104.16.113.74:443

Request

GET /blank.html HTTP/2.0
host: www.mediafire.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.mediafire.com/download_repair.php?flag=9&dkey=x4lw8p3316ugR2u52XkMiF3mLXmyAHMDPwKY8NfbCGOAz4xQFHxw8QE20WvIPIE8EPzy1BEFL3slKqTGxUZRQ8xVQe7tByQq5ipm%2DbgmBJio8o13pWQK9KzsTTU915X%2D9y5YgYbQIKFMwX4A0ajUgJB9MGKcppTD4wo1KF1iYr3B%2Dw&qkey=vehz5gm393ydtoz&ip=194%2E110%2E13%2E70
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ukey=zw9q7d8nbn2f9b5tvckzk3gimo1fruj3
cookie: dr_vehz5gm393ydtoz=1
cookie: __cf_bm=mmv0rjuqB6qiJsj6ItaIvkSGemeJTQLCLKawH2K_t2U-1721421448-1.0.1.1-xu4KePR.o8wiuj4PPjT7NlGWZpaC3ZPx2a_gaxQTfZnvnx81Y6Lx3qD1POlYAj_CnfkpJX73l5AzV3JwE0Ig.w
if-modified-since: Tue, 28 May 2024 16:29:37 GMT

Response

HTTP/2.0 304

date: Fri, 19 Jul 2024 20:37:29 GMT
cf-ray: 8a5d827b5a149565-LHR
cf-cache-status: HIT
access-control-allow-origin: *
age: 1487124
cache-control: public, max-age=43200
etag: W/"66560671-fd"
expires: Sat, 20 Jul 2024 08:37:29 GMT
last-modified: Tue, 28 May 2024 16:29:37 GMT
vary: Accept-Encoding
access-control-allow-methods: OPTIONS, POST, GET
alt-svc: h3=":443"; ma=86400
content-security-policy: frame-ancestors *
x-mf-env: liveApi
x-mf-fe: mf2
server: cloudflare
GET

https://www.mediafire.com/cdn-cgi/challenge-platform/scripts/jsd/main.js

msedge.exe

Remote address:

104.16.113.74:443

Request

GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/2.0
host: www.mediafire.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ukey=zw9q7d8nbn2f9b5tvckzk3gimo1fruj3
cookie: dr_vehz5gm393ydtoz=1
cookie: __cf_bm=mmv0rjuqB6qiJsj6ItaIvkSGemeJTQLCLKawH2K_t2U-1721421448-1.0.1.1-xu4KePR.o8wiuj4PPjT7NlGWZpaC3ZPx2a_gaxQTfZnvnx81Y6Lx3qD1POlYAj_CnfkpJX73l5AzV3JwE0Ig.w

Response

HTTP/2.0 302

date: Fri, 19 Jul 2024 20:37:29 GMT
content-length: 0
location: /cdn-cgi/challenge-platform/h/b/scripts/jsd/bbfecc7f1c71/main.js?
cache-control: max-age: 300, public
access-control-allow-origin: *
vary: Accept-Encoding
server: cloudflare
cf-ray: 8a5d827c9be39565-LHR
alt-svc: h3=":443"; ma=86400
GET

https://www.mediafire.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/bbfecc7f1c71/main.js?

msedge.exe

Remote address:

104.16.113.74:443

Request

GET /cdn-cgi/challenge-platform/h/b/scripts/jsd/bbfecc7f1c71/main.js? HTTP/2.0
host: www.mediafire.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ukey=zw9q7d8nbn2f9b5tvckzk3gimo1fruj3
cookie: dr_vehz5gm393ydtoz=1
cookie: __cf_bm=mmv0rjuqB6qiJsj6ItaIvkSGemeJTQLCLKawH2K_t2U-1721421448-1.0.1.1-xu4KePR.o8wiuj4PPjT7NlGWZpaC3ZPx2a_gaxQTfZnvnx81Y6Lx3qD1POlYAj_CnfkpJX73l5AzV3JwE0Ig.w

Response

HTTP/2.0 200

date: Fri, 19 Jul 2024 20:37:29 GMT
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
x-content-type-options: nosniff
vary: Accept-Encoding
server: cloudflare
cf-ray: 8a5d827cabf09565-LHR
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
GET

https://www.mediafire.com/cdn-cgi/challenge-platform/scripts/jsd/main.js

msedge.exe

Remote address:

104.16.113.74:443

Request

GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/2.0
host: www.mediafire.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ukey=zw9q7d8nbn2f9b5tvckzk3gimo1fruj3
cookie: dr_vehz5gm393ydtoz=1
cookie: __cf_bm=mmv0rjuqB6qiJsj6ItaIvkSGemeJTQLCLKawH2K_t2U-1721421448-1.0.1.1-xu4KePR.o8wiuj4PPjT7NlGWZpaC3ZPx2a_gaxQTfZnvnx81Y6Lx3qD1POlYAj_CnfkpJX73l5AzV3JwE0Ig.w

Response

HTTP/2.0 302

date: Fri, 19 Jul 2024 20:37:29 GMT
content-length: 0
location: /cdn-cgi/challenge-platform/h/b/scripts/jsd/bbfecc7f1c71/main.js?
cache-control: max-age: 300, public
access-control-allow-origin: *
vary: Accept-Encoding
server: cloudflare
cf-ray: 8a5d827d0c879565-LHR
alt-svc: h3=":443"; ma=86400
GET

https://www.mediafire.com/cdn-cgi/challenge-platform/scripts/jsd/main.js

msedge.exe

Remote address:

104.16.113.74:443

Request

GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/2.0
host: www.mediafire.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ukey=zw9q7d8nbn2f9b5tvckzk3gimo1fruj3
cookie: dr_vehz5gm393ydtoz=1
cookie: __cf_bm=mmv0rjuqB6qiJsj6ItaIvkSGemeJTQLCLKawH2K_t2U-1721421448-1.0.1.1-xu4KePR.o8wiuj4PPjT7NlGWZpaC3ZPx2a_gaxQTfZnvnx81Y6Lx3qD1POlYAj_CnfkpJX73l5AzV3JwE0Ig.w

Response

HTTP/2.0 302

date: Fri, 19 Jul 2024 20:37:29 GMT
content-length: 0
location: /cdn-cgi/challenge-platform/h/b/scripts/jsd/bbfecc7f1c71/main.js?
cache-control: max-age: 300, public
access-control-allow-origin: *
vary: Accept-Encoding
server: cloudflare
cf-ray: 8a5d827d7d229565-LHR
alt-svc: h3=":443"; ma=86400
GET

https://www.mediafire.com/cdn-cgi/challenge-platform/scripts/jsd/main.js

msedge.exe

Remote address:

104.16.113.74:443

Request

GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/2.0
host: www.mediafire.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ukey=zw9q7d8nbn2f9b5tvckzk3gimo1fruj3
cookie: dr_vehz5gm393ydtoz=1
cookie: __cf_bm=mmv0rjuqB6qiJsj6ItaIvkSGemeJTQLCLKawH2K_t2U-1721421448-1.0.1.1-xu4KePR.o8wiuj4PPjT7NlGWZpaC3ZPx2a_gaxQTfZnvnx81Y6Lx3qD1POlYAj_CnfkpJX73l5AzV3JwE0Ig.w
cookie: amp_28916b=IRYoKQ3-89ZhgQCqJF2M9U...1i36bdi0l.1i36bdi0n.0.1.1

Response

HTTP/2.0 302

date: Fri, 19 Jul 2024 20:37:29 GMT
content-length: 0
location: /cdn-cgi/challenge-platform/h/b/scripts/jsd/bbfecc7f1c71/main.js?
cache-control: max-age: 300, public
access-control-allow-origin: *
vary: Accept-Encoding
server: cloudflare
cf-ray: 8a5d827e2e179565-LHR
alt-svc: h3=":443"; ma=86400
GET

https://www.mediafire.com/cdn-cgi/challenge-platform/scripts/jsd/main.js

msedge.exe

Remote address:

104.16.113.74:443

Request

GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/2.0
host: www.mediafire.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ukey=zw9q7d8nbn2f9b5tvckzk3gimo1fruj3
cookie: dr_vehz5gm393ydtoz=1
cookie: __cf_bm=mmv0rjuqB6qiJsj6ItaIvkSGemeJTQLCLKawH2K_t2U-1721421448-1.0.1.1-xu4KePR.o8wiuj4PPjT7NlGWZpaC3ZPx2a_gaxQTfZnvnx81Y6Lx3qD1POlYAj_CnfkpJX73l5AzV3JwE0Ig.w
cookie: amp_28916b=IRYoKQ3-89ZhgQCqJF2M9U...1i36bdi0l.1i36bdi0n.0.1.1

Response

HTTP/2.0 302

date: Fri, 19 Jul 2024 20:37:29 GMT
content-length: 0
location: /cdn-cgi/challenge-platform/h/b/scripts/jsd/bbfecc7f1c71/main.js?
cache-control: max-age: 300, public
access-control-allow-origin: *
vary: Accept-Encoding
server: cloudflare
cf-ray: 8a5d827e6ea69565-LHR
alt-svc: h3=":443"; ma=86400
POST

https://www.mediafire.com/cdn-cgi/challenge-platform/h/b/jsd/r/8a5d82791ef29565

msedge.exe

Remote address:

104.16.113.74:443

Request

POST /cdn-cgi/challenge-platform/h/b/jsd/r/8a5d82791ef29565 HTTP/2.0
host: www.mediafire.com
content-length: 14069
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: application/json
accept: */*
origin: https://www.mediafire.com
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ukey=zw9q7d8nbn2f9b5tvckzk3gimo1fruj3
cookie: dr_vehz5gm393ydtoz=1
cookie: __cf_bm=mmv0rjuqB6qiJsj6ItaIvkSGemeJTQLCLKawH2K_t2U-1721421448-1.0.1.1-xu4KePR.o8wiuj4PPjT7NlGWZpaC3ZPx2a_gaxQTfZnvnx81Y6Lx3qD1POlYAj_CnfkpJX73l5AzV3JwE0Ig.w
cookie: amp_28916b=IRYoKQ3-89ZhgQCqJF2M9U...1i36bdi0l.1i36bdi0n.0.1.1

Response

HTTP/2.0 200

date: Fri, 19 Jul 2024 20:37:30 GMT
content-type: text/plain; charset=UTF-8
content-length: 0
set-cookie: cf_clearance=; Path=/; Expires=Thu, 01-Jan-70 00:00:00 GMT; Domain=.mediafire.com; HttpOnly; Secure; SameSite=None
set-cookie: cf_clearance=rwv5pzdmlKrCXNLq5SCtXpEt00XcWlsN1wQ6hQ7jnu0-1721421450-1.0.1.1-OV1Yfso8fcl9xRizSHHdftcqUF6dp90snH.syfh8w5dnE_ojTAv7u7JyUiE8JMFOHNWWHNXxen5fr5lrZAxY6A; Path=/; Expires=Sat, 19-Jul-25 20:37:30 GMT; Domain=.mediafire.com; HttpOnly; Secure; SameSite=None; Partitioned
server: cloudflare
cf-ray: 8a5d827fb8bc9565-LHR
alt-svc: h3=":443"; ma=86400
POST

https://www.mediafire.com/cdn-cgi/challenge-platform/h/b/jsd/r/8a5d8275da109565

msedge.exe

Remote address:

104.16.113.74:443

Request

POST /cdn-cgi/challenge-platform/h/b/jsd/r/8a5d8275da109565 HTTP/2.0
host: www.mediafire.com
content-length: 14500
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: application/json
accept: */*
origin: https://www.mediafire.com
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ukey=zw9q7d8nbn2f9b5tvckzk3gimo1fruj3
cookie: dr_vehz5gm393ydtoz=1
cookie: __cf_bm=mmv0rjuqB6qiJsj6ItaIvkSGemeJTQLCLKawH2K_t2U-1721421448-1.0.1.1-xu4KePR.o8wiuj4PPjT7NlGWZpaC3ZPx2a_gaxQTfZnvnx81Y6Lx3qD1POlYAj_CnfkpJX73l5AzV3JwE0Ig.w
cookie: amp_28916b=IRYoKQ3-89ZhgQCqJF2M9U...1i36bdi0l.1i36bdi0n.0.1.1
cookie: cf_clearance=rwv5pzdmlKrCXNLq5SCtXpEt00XcWlsN1wQ6hQ7jnu0-1721421450-1.0.1.1-OV1Yfso8fcl9xRizSHHdftcqUF6dp90snH.syfh8w5dnE_ojTAv7u7JyUiE8JMFOHNWWHNXxen5fr5lrZAxY6A

Response

HTTP/2.0 200

date: Fri, 19 Jul 2024 20:37:30 GMT
content-type: text/plain; charset=UTF-8
content-length: 0
set-cookie: cf_clearance=; Path=/; Expires=Thu, 01-Jan-70 00:00:00 GMT; Domain=.mediafire.com; HttpOnly; Secure; SameSite=None
set-cookie: cf_clearance=8wKl5gc8Z2OMT8cAkcUNm3sbut30magX8onFCLlwhnQ-1721421450-1.0.1.1-xy9IN73RXxPiadI6cTogvTLWNgrAvnDFQOMWJ5jjgQCtKrVJyxI2hRM56Sn_GuM7.tozbaM3IqlCwzQlL5OQ5A; Path=/; Expires=Sat, 19-Jul-25 20:37:30 GMT; Domain=.mediafire.com; HttpOnly; Secure; SameSite=None; Partitioned
server: cloudflare
cf-ray: 8a5d828099df9565-LHR
alt-svc: h3=":443"; ma=86400
POST

https://www.mediafire.com/cdn-cgi/challenge-platform/h/b/jsd/r/8a5d82791ef29565

msedge.exe

Remote address:

104.16.113.74:443

Request

POST /cdn-cgi/challenge-platform/h/b/jsd/r/8a5d82791ef29565 HTTP/2.0
host: www.mediafire.com
content-length: 14069
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: application/json
accept: */*
origin: https://www.mediafire.com
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ukey=zw9q7d8nbn2f9b5tvckzk3gimo1fruj3
cookie: dr_vehz5gm393ydtoz=1
cookie: __cf_bm=mmv0rjuqB6qiJsj6ItaIvkSGemeJTQLCLKawH2K_t2U-1721421448-1.0.1.1-xu4KePR.o8wiuj4PPjT7NlGWZpaC3ZPx2a_gaxQTfZnvnx81Y6Lx3qD1POlYAj_CnfkpJX73l5AzV3JwE0Ig.w
cookie: amp_28916b=IRYoKQ3-89ZhgQCqJF2M9U...1i36bdi0l.1i36bdi0n.0.1.1
cookie: cf_clearance=8wKl5gc8Z2OMT8cAkcUNm3sbut30magX8onFCLlwhnQ-1721421450-1.0.1.1-xy9IN73RXxPiadI6cTogvTLWNgrAvnDFQOMWJ5jjgQCtKrVJyxI2hRM56Sn_GuM7.tozbaM3IqlCwzQlL5OQ5A

Response

HTTP/2.0 200

date: Fri, 19 Jul 2024 20:37:30 GMT
content-type: text/plain; charset=UTF-8
content-length: 0
set-cookie: cf_clearance=; Path=/; Expires=Thu, 01-Jan-70 00:00:00 GMT; Domain=.mediafire.com; HttpOnly; Secure; SameSite=None
set-cookie: cf_clearance=gZI_Nvl5E_M0oPPt6u4Kwq_oo7dTxDr.IIBbTWE0g1I-1721421450-1.0.1.1-qV8ttaB5Ydjz6EUtl2nIN9peqkQAtDqSG0aOnwDOb3l6aUrZj.2hOq.ySS5NIzFOcjfSsLJXV1KV80Gji2u0Nw; Path=/; Expires=Sat, 19-Jul-25 20:37:30 GMT; Domain=.mediafire.com; HttpOnly; Secure; SameSite=None; Partitioned
server: cloudflare
cf-ray: 8a5d82816b379565-LHR
alt-svc: h3=":443"; ma=86400
POST

https://www.mediafire.com/cdn-cgi/challenge-platform/h/b/jsd/r/8a5d82791ef69565

msedge.exe

Remote address:

104.16.113.74:443

Request

POST /cdn-cgi/challenge-platform/h/b/jsd/r/8a5d82791ef69565 HTTP/2.0
host: www.mediafire.com
content-length: 14093
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: application/json
accept: */*
origin: https://www.mediafire.com
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ukey=zw9q7d8nbn2f9b5tvckzk3gimo1fruj3
cookie: dr_vehz5gm393ydtoz=1
cookie: __cf_bm=mmv0rjuqB6qiJsj6ItaIvkSGemeJTQLCLKawH2K_t2U-1721421448-1.0.1.1-xu4KePR.o8wiuj4PPjT7NlGWZpaC3ZPx2a_gaxQTfZnvnx81Y6Lx3qD1POlYAj_CnfkpJX73l5AzV3JwE0Ig.w
cookie: amp_28916b=IRYoKQ3-89ZhgQCqJF2M9U...1i36bdi0l.1i36bdi0n.0.1.1
cookie: cf_clearance=gZI_Nvl5E_M0oPPt6u4Kwq_oo7dTxDr.IIBbTWE0g1I-1721421450-1.0.1.1-qV8ttaB5Ydjz6EUtl2nIN9peqkQAtDqSG0aOnwDOb3l6aUrZj.2hOq.ySS5NIzFOcjfSsLJXV1KV80Gji2u0Nw
cookie: _ga_K68XP6D85D=GS1.1.1721421449.1.0.1721421449.60.0.0
cookie: _ga=GA1.1.1100413091.1721421450

Response

HTTP/2.0 200

date: Fri, 19 Jul 2024 20:37:30 GMT
content-type: text/plain; charset=UTF-8
content-length: 0
set-cookie: cf_clearance=; Path=/; Expires=Thu, 01-Jan-70 00:00:00 GMT; Domain=.mediafire.com; HttpOnly; Secure; SameSite=None
set-cookie: cf_clearance=KtmlrYBbPOIjfy7yWqemOhFUXY9SPfxOj81p3gnFt3w-1721421450-1.0.1.1-EhWST2.S3o1lY3dJ57ucBP.d1Z3INpLV8Qgm9umCkENN8dZ0oAIfYuYhguKaMAdw4NPPIZsi4UNgQdk3uMWa5A; Path=/; Expires=Sat, 19-Jul-25 20:37:30 GMT; Domain=.mediafire.com; HttpOnly; Secure; SameSite=None; Partitioned
server: cloudflare
cf-ray: 8a5d8282ddce9565-LHR
alt-svc: h3=":443"; ma=86400
POST

https://www.mediafire.com/cdn-cgi/challenge-platform/h/b/jsd/r/8a5d82791ef29565

msedge.exe

Remote address:

104.16.113.74:443

Request

POST /cdn-cgi/challenge-platform/h/b/jsd/r/8a5d82791ef29565 HTTP/2.0
host: www.mediafire.com
content-length: 14067
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: application/json
accept: */*
origin: https://www.mediafire.com
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ukey=zw9q7d8nbn2f9b5tvckzk3gimo1fruj3
cookie: dr_vehz5gm393ydtoz=1
cookie: __cf_bm=mmv0rjuqB6qiJsj6ItaIvkSGemeJTQLCLKawH2K_t2U-1721421448-1.0.1.1-xu4KePR.o8wiuj4PPjT7NlGWZpaC3ZPx2a_gaxQTfZnvnx81Y6Lx3qD1POlYAj_CnfkpJX73l5AzV3JwE0Ig.w
cookie: amp_28916b=IRYoKQ3-89ZhgQCqJF2M9U...1i36bdi0l.1i36bdi0n.0.1.1
cookie: _ga_K68XP6D85D=GS1.1.1721421449.1.0.1721421449.60.0.0
cookie: _ga=GA1.2.1100413091.1721421450
cookie: _gid=GA1.2.258467451.1721421450
cookie: _gat_gtag_UA_829541_1=1
cookie: cf_clearance=KtmlrYBbPOIjfy7yWqemOhFUXY9SPfxOj81p3gnFt3w-1721421450-1.0.1.1-EhWST2.S3o1lY3dJ57ucBP.d1Z3INpLV8Qgm9umCkENN8dZ0oAIfYuYhguKaMAdw4NPPIZsi4UNgQdk3uMWa5A

Response

HTTP/2.0 200

date: Fri, 19 Jul 2024 20:37:30 GMT
content-type: text/plain; charset=UTF-8
content-length: 0
set-cookie: cf_clearance=; Path=/; Expires=Thu, 01-Jan-70 00:00:00 GMT; Domain=.mediafire.com; HttpOnly; Secure; SameSite=None
set-cookie: cf_clearance=hXx0k_fxT_6REpcYRxdejMmUIK3UNlOkf2mN6Oufpuc-1721421450-1.0.1.1-HhhWeH2XtJipX4gC.b.RigTDIeYlk7stB59twr4hPsD_vCxWKuROcokV8UjYMyPB8vUETCUknBARwK_261PIgg; Path=/; Expires=Sat, 19-Jul-25 20:37:30 GMT; Domain=.mediafire.com; HttpOnly; Secure; SameSite=None; Partitioned
server: cloudflare
cf-ray: 8a5d8283df499565-LHR
alt-svc: h3=":443"; ma=86400
POST

https://www.mediafire.com/cdn-cgi/challenge-platform/h/b/jsd/r/8a5d82791ef29565

msedge.exe

Remote address:

104.16.113.74:443

Request

POST /cdn-cgi/challenge-platform/h/b/jsd/r/8a5d82791ef29565 HTTP/2.0
host: www.mediafire.com
content-length: 14067
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: application/json
accept: */*
origin: https://www.mediafire.com
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ukey=zw9q7d8nbn2f9b5tvckzk3gimo1fruj3
cookie: dr_vehz5gm393ydtoz=1
cookie: __cf_bm=mmv0rjuqB6qiJsj6ItaIvkSGemeJTQLCLKawH2K_t2U-1721421448-1.0.1.1-xu4KePR.o8wiuj4PPjT7NlGWZpaC3ZPx2a_gaxQTfZnvnx81Y6Lx3qD1POlYAj_CnfkpJX73l5AzV3JwE0Ig.w
cookie: amp_28916b=IRYoKQ3-89ZhgQCqJF2M9U...1i36bdi0l.1i36bdi0n.0.1.1
cookie: _ga_K68XP6D85D=GS1.1.1721421449.1.0.1721421449.60.0.0
cookie: _ga=GA1.2.1100413091.1721421450
cookie: _gid=GA1.2.258467451.1721421450
cookie: _gat_gtag_UA_829541_1=1
cookie: cf_clearance=hXx0k_fxT_6REpcYRxdejMmUIK3UNlOkf2mN6Oufpuc-1721421450-1.0.1.1-HhhWeH2XtJipX4gC.b.RigTDIeYlk7stB59twr4hPsD_vCxWKuROcokV8UjYMyPB8vUETCUknBARwK_261PIgg

Response

HTTP/2.0 200

date: Fri, 19 Jul 2024 20:37:31 GMT
content-type: text/plain; charset=UTF-8
content-length: 0
set-cookie: cf_clearance=; Path=/; Expires=Thu, 01-Jan-70 00:00:00 GMT; Domain=.mediafire.com; HttpOnly; Secure; SameSite=None
set-cookie: cf_clearance=QQZvdKHpkhnbmqYC7EAJU_Fi73FM85BT8VQ_hQYqUeE-1721421451-1.0.1.1-1mrhUKfh2q0uszTksYplgdI8EMwz.ZO5GX5ahfGKpd85niH_04rNmwzRHHA98x9mag2GxmoUWre9OcWLxQQm3A; Path=/; Expires=Sat, 19-Jul-25 20:37:31 GMT; Domain=.mediafire.com; HttpOnly; Secure; SameSite=None; Partitioned
server: cloudflare
cf-ray: 8a5d8284b8699565-LHR
alt-svc: h3=":443"; ma=86400
GET

https://static.mediafire.com/images/icons/svg_dark/arrow_dropdown.svg

msedge.exe

Remote address:

104.16.113.74:443

Request

GET /images/icons/svg_dark/arrow_dropdown.svg HTTP/2.0
host: static.mediafire.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://static.mediafire.com/css/mfv4_121931.php?ver=ssl&date=2024-07-19
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ukey=zw9q7d8nbn2f9b5tvckzk3gimo1fruj3
cookie: dr_vehz5gm393ydtoz=1
cookie: __cf_bm=mmv0rjuqB6qiJsj6ItaIvkSGemeJTQLCLKawH2K_t2U-1721421448-1.0.1.1-xu4KePR.o8wiuj4PPjT7NlGWZpaC3ZPx2a_gaxQTfZnvnx81Y6Lx3qD1POlYAj_CnfkpJX73l5AzV3JwE0Ig.w
cookie: amp_28916b=IRYoKQ3-89ZhgQCqJF2M9U...1i36bdi0l.1i36bdi0n.0.1.1
cookie: _ga_K68XP6D85D=GS1.1.1721421449.1.0.1721421449.60.0.0
cookie: _ga=GA1.2.1100413091.1721421450
cookie: _gid=GA1.2.258467451.1721421450
cookie: _gat_gtag_UA_829541_1=1
cookie: cf_clearance=QQZvdKHpkhnbmqYC7EAJU_Fi73FM85BT8VQ_hQYqUeE-1721421451-1.0.1.1-1mrhUKfh2q0uszTksYplgdI8EMwz.ZO5GX5ahfGKpd85niH_04rNmwzRHHA98x9mag2GxmoUWre9OcWLxQQm3A

Response

HTTP/2.0 200

date: Fri, 19 Jul 2024 20:37:31 GMT
content-type: image/svg+xml
last-modified: Mon, 25 Jul 2022 18:00:54 GMT
etag: W/"62deda56-13b"
x-mf-env: liveApi
x-mf-fe: mf2
access-control-allow-origin: *
access-control-allow-methods: OPTIONS, POST, GET
alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
age: 2660
vary: Accept-Encoding
server: cloudflare
cf-ray: 8a5d8285ea369565-LHR
content-encoding: gzip
POST

https://www.mediafire.com/cdn-cgi/rum?

msedge.exe

Remote address:

104.16.113.74:443

Request

POST /cdn-cgi/rum? HTTP/2.0
host: www.mediafire.com
content-length: 1416
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: application/json
accept: */*
origin: https://www.mediafire.com
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.mediafire.com/download_repair.php?flag=9&dkey=x4lw8p3316ugR2u52XkMiF3mLXmyAHMDPwKY8NfbCGOAz4xQFHxw8QE20WvIPIE8EPzy1BEFL3slKqTGxUZRQ8xVQe7tByQq5ipm%2DbgmBJio8o13pWQK9KzsTTU915X%2D9y5YgYbQIKFMwX4A0ajUgJB9MGKcppTD4wo1KF1iYr3B%2Dw&qkey=vehz5gm393ydtoz&ip=194%2E110%2E13%2E70
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ukey=zw9q7d8nbn2f9b5tvckzk3gimo1fruj3
cookie: dr_vehz5gm393ydtoz=1
cookie: __cf_bm=mmv0rjuqB6qiJsj6ItaIvkSGemeJTQLCLKawH2K_t2U-1721421448-1.0.1.1-xu4KePR.o8wiuj4PPjT7NlGWZpaC3ZPx2a_gaxQTfZnvnx81Y6Lx3qD1POlYAj_CnfkpJX73l5AzV3JwE0Ig.w
cookie: amp_28916b=IRYoKQ3-89ZhgQCqJF2M9U...1i36bdi0l.1i36bdi0n.0.1.1
cookie: _ga_K68XP6D85D=GS1.1.1721421449.1.0.1721421449.60.0.0
cookie: _ga=GA1.2.1100413091.1721421450
cookie: _gid=GA1.2.258467451.1721421450
cookie: _gat_gtag_UA_829541_1=1
cookie: cf_clearance=QQZvdKHpkhnbmqYC7EAJU_Fi73FM85BT8VQ_hQYqUeE-1721421451-1.0.1.1-1mrhUKfh2q0uszTksYplgdI8EMwz.ZO5GX5ahfGKpd85niH_04rNmwzRHHA98x9mag2GxmoUWre9OcWLxQQm3A

Response

HTTP/2.0 204

date: Fri, 19 Jul 2024 20:37:31 GMT
access-control-allow-origin: https://www.mediafire.com
access-control-allow-methods: POST,OPTIONS
access-control-max-age: 86400
vary: Origin
access-control-allow-credentials: true
server: cloudflare
cf-ray: 8a5d82872bc19565-LHR
x-frame-options: DENY
x-content-type-options: nosniff
GET

https://www.mediafire.com/favicon.ico

msedge.exe

Remote address:

104.16.113.74:443

Request

GET /favicon.ico HTTP/2.0
host: www.mediafire.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.mediafire.com/download_repair.php?flag=9&dkey=x4lw8p3316ugR2u52XkMiF3mLXmyAHMDPwKY8NfbCGOAz4xQFHxw8QE20WvIPIE8EPzy1BEFL3slKqTGxUZRQ8xVQe7tByQq5ipm%2DbgmBJio8o13pWQK9KzsTTU915X%2D9y5YgYbQIKFMwX4A0ajUgJB9MGKcppTD4wo1KF1iYr3B%2Dw&qkey=vehz5gm393ydtoz&ip=194%2E110%2E13%2E70
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ukey=zw9q7d8nbn2f9b5tvckzk3gimo1fruj3
cookie: dr_vehz5gm393ydtoz=1
cookie: __cf_bm=mmv0rjuqB6qiJsj6ItaIvkSGemeJTQLCLKawH2K_t2U-1721421448-1.0.1.1-xu4KePR.o8wiuj4PPjT7NlGWZpaC3ZPx2a_gaxQTfZnvnx81Y6Lx3qD1POlYAj_CnfkpJX73l5AzV3JwE0Ig.w
cookie: amp_28916b=IRYoKQ3-89ZhgQCqJF2M9U...1i36bdi0l.1i36bdi0n.0.1.1
cookie: _ga_K68XP6D85D=GS1.1.1721421449.1.0.1721421449.60.0.0
cookie: _ga=GA1.2.1100413091.1721421450
cookie: _gid=GA1.2.258467451.1721421450
cookie: _gat_gtag_UA_829541_1=1
cookie: cf_clearance=QQZvdKHpkhnbmqYC7EAJU_Fi73FM85BT8VQ_hQYqUeE-1721421451-1.0.1.1-1mrhUKfh2q0uszTksYplgdI8EMwz.ZO5GX5ahfGKpd85niH_04rNmwzRHHA98x9mag2GxmoUWre9OcWLxQQm3A

Response

HTTP/2.0 200

date: Fri, 19 Jul 2024 20:37:31 GMT
content-type: image/x-icon
cf-ray: 8a5d82872bc99565-LHR
cf-cache-status: HIT
access-control-allow-origin: *
age: 191342
cache-control: max-age=2592000
etag: W/"62deda56-2a46"
expires: Sat, 10 Aug 2024 16:52:33 GMT
last-modified: Mon, 25 Jul 2022 18:00:54 GMT
vary: Accept-Encoding
access-control-allow-methods: OPTIONS, POST, GET
alt-svc: h3=":443"; ma=86400
x-mf-env: liveApi
x-mf-fe: mf2
server: cloudflare
content-encoding: gzip
GET

https://static.mediafire.com/images/icons/svg_dark/loading_indeterminate.svg

msedge.exe

Remote address:

104.16.113.74:443

Request

GET /images/icons/svg_dark/loading_indeterminate.svg HTTP/2.0
host: static.mediafire.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://static.mediafire.com/css/mfv3_121931.php?ver=ssl
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ukey=zw9q7d8nbn2f9b5tvckzk3gimo1fruj3
cookie: dr_vehz5gm393ydtoz=1
cookie: __cf_bm=mmv0rjuqB6qiJsj6ItaIvkSGemeJTQLCLKawH2K_t2U-1721421448-1.0.1.1-xu4KePR.o8wiuj4PPjT7NlGWZpaC3ZPx2a_gaxQTfZnvnx81Y6Lx3qD1POlYAj_CnfkpJX73l5AzV3JwE0Ig.w
cookie: amp_28916b=IRYoKQ3-89ZhgQCqJF2M9U...1i36bdi0l.1i36bdi0n.0.1.1
cookie: _ga_K68XP6D85D=GS1.1.1721421449.1.0.1721421449.60.0.0
cookie: _ga=GA1.2.1100413091.1721421450
cookie: _gid=GA1.2.258467451.1721421450
cookie: _gat_gtag_UA_829541_1=1
cookie: cf_clearance=QQZvdKHpkhnbmqYC7EAJU_Fi73FM85BT8VQ_hQYqUeE-1721421451-1.0.1.1-1mrhUKfh2q0uszTksYplgdI8EMwz.ZO5GX5ahfGKpd85niH_04rNmwzRHHA98x9mag2GxmoUWre9OcWLxQQm3A

Response

HTTP/2.0 200

date: Fri, 19 Jul 2024 20:37:34 GMT
content-type: image/svg+xml
last-modified: Mon, 25 Jul 2022 18:00:54 GMT
etag: W/"62deda56-23a"
x-mf-env: liveApi
x-mf-fe: mf1
access-control-allow-origin: *
access-control-allow-methods: OPTIONS, POST, GET
alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
age: 1840
vary: Accept-Encoding
server: cloudflare
cf-ray: 8a5d8299684f9565-LHR
content-encoding: gzip
GET

https://www.mediafire.com/file/vehz5gm393ydtoz/nitrogen.zip

msedge.exe

Remote address:

104.16.113.74:443

Request

GET /file/vehz5gm393ydtoz/nitrogen.zip HTTP/2.0
host: www.mediafire.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: document
referer: https://www.mediafire.com/download_repair.php?flag=9&dkey=x4lw8p3316ugR2u52XkMiF3mLXmyAHMDPwKY8NfbCGOAz4xQFHxw8QE20WvIPIE8EPzy1BEFL3slKqTGxUZRQ8xVQe7tByQq5ipm%2DbgmBJio8o13pWQK9KzsTTU915X%2D9y5YgYbQIKFMwX4A0ajUgJB9MGKcppTD4wo1KF1iYr3B%2Dw&qkey=vehz5gm393ydtoz&ip=194%2E110%2E13%2E70
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ukey=zw9q7d8nbn2f9b5tvckzk3gimo1fruj3
cookie: dr_vehz5gm393ydtoz=1
cookie: __cf_bm=mmv0rjuqB6qiJsj6ItaIvkSGemeJTQLCLKawH2K_t2U-1721421448-1.0.1.1-xu4KePR.o8wiuj4PPjT7NlGWZpaC3ZPx2a_gaxQTfZnvnx81Y6Lx3qD1POlYAj_CnfkpJX73l5AzV3JwE0Ig.w
cookie: amp_28916b=IRYoKQ3-89ZhgQCqJF2M9U...1i36bdi0l.1i36bdi0n.0.1.1
cookie: _ga_K68XP6D85D=GS1.1.1721421449.1.0.1721421449.60.0.0
cookie: _ga=GA1.2.1100413091.1721421450
cookie: _gid=GA1.2.258467451.1721421450
cookie: _gat_gtag_UA_829541_1=1
cookie: cf_clearance=QQZvdKHpkhnbmqYC7EAJU_Fi73FM85BT8VQ_hQYqUeE-1721421451-1.0.1.1-1mrhUKfh2q0uszTksYplgdI8EMwz.ZO5GX5ahfGKpd85niH_04rNmwzRHHA98x9mag2GxmoUWre9OcWLxQQm3A

Response

HTTP/2.0 200

date: Fri, 19 Jul 2024 20:37:37 GMT
content-type: text/html; charset=UTF-8
cf-ray: 8a5d82a8fe2e9565-LHR
cf-cache-status: DYNAMIC
access-control-allow-origin: https://www.mediafire.com
cache-control: no-cache, no-store, must-revalidate, max-age=0, post-check=0, pre-check=0
expires: 0
set-cookie: conv_tracking_data-2=%7B%22mf_source%22%3A%22regular_download-59%22%2C%22mf_content%22%3A%22Free%22%2C%22mf_medium%22%3A%22windows%5C%2FEdge%22%2C%22mf_campaign%22%3A%22vehz5gm393ydtoz%22%2C%22mf_term%22%3A%2246e963f0b3db8b86ea14a82ad50a6e0b%22%7D; expires=Sun, 18-Aug-2024 20:37:37 GMT; Max-Age=2592000; path=/; domain=.mediafire.com
strict-transport-security: max-age=0
access-control-allow-methods: OPTIONS, POST, GET
alt-svc: h3=":443"; ma=86400
pragma: no-cache
x-frame-options: SAMEORIGIN
x-mf-env: liveApi
x-mf-fe: mf2
x-robots-tag: noindex, nofollow
vary: Accept-Encoding
server: cloudflare
content-encoding: gzip
POST

https://www.mediafire.com/cdn-cgi/rum?

msedge.exe

Remote address:

104.16.113.74:443

Request

POST /cdn-cgi/rum? HTTP/2.0
host: www.mediafire.com
content-length: 988
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: application/json
accept: */*
origin: https://www.mediafire.com
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.mediafire.com/download_repair.php?flag=9&dkey=x4lw8p3316ugR2u52XkMiF3mLXmyAHMDPwKY8NfbCGOAz4xQFHxw8QE20WvIPIE8EPzy1BEFL3slKqTGxUZRQ8xVQe7tByQq5ipm%2DbgmBJio8o13pWQK9KzsTTU915X%2D9y5YgYbQIKFMwX4A0ajUgJB9MGKcppTD4wo1KF1iYr3B%2Dw&qkey=vehz5gm393ydtoz&ip=194%2E110%2E13%2E70
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ukey=zw9q7d8nbn2f9b5tvckzk3gimo1fruj3
cookie: dr_vehz5gm393ydtoz=1
cookie: __cf_bm=mmv0rjuqB6qiJsj6ItaIvkSGemeJTQLCLKawH2K_t2U-1721421448-1.0.1.1-xu4KePR.o8wiuj4PPjT7NlGWZpaC3ZPx2a_gaxQTfZnvnx81Y6Lx3qD1POlYAj_CnfkpJX73l5AzV3JwE0Ig.w
cookie: amp_28916b=IRYoKQ3-89ZhgQCqJF2M9U...1i36bdi0l.1i36bdi0n.0.1.1
cookie: _ga=GA1.2.1100413091.1721421450
cookie: _gid=GA1.2.258467451.1721421450
cookie: _gat_gtag_UA_829541_1=1
cookie: cf_clearance=QQZvdKHpkhnbmqYC7EAJU_Fi73FM85BT8VQ_hQYqUeE-1721421451-1.0.1.1-1mrhUKfh2q0uszTksYplgdI8EMwz.ZO5GX5ahfGKpd85niH_04rNmwzRHHA98x9mag2GxmoUWre9OcWLxQQm3A
cookie: conv_tracking_data-2=%7B%22mf_source%22%3A%22regular_download-59%22%2C%22mf_content%22%3A%22Free%22%2C%22mf_medium%22%3A%22windows%5C%2FEdge%22%2C%22mf_campaign%22%3A%22vehz5gm393ydtoz%22%2C%22mf_term%22%3A%2246e963f0b3db8b86ea14a82ad50a6e0b%22%7D
cookie: _ga_K68XP6D85D=GS1.1.1721421449.1.0.1721421456.53.0.0

Response

HTTP/2.0 204

date: Fri, 19 Jul 2024 20:37:37 GMT
access-control-allow-origin: https://www.mediafire.com
access-control-allow-methods: POST,OPTIONS
access-control-max-age: 86400
vary: Origin
access-control-allow-credentials: true
server: cloudflare
cf-ray: 8a5d82abea689565-LHR
x-frame-options: DENY
x-content-type-options: nosniff
GET

https://static.mediafire.com/images/backgrounds/header/mf_logo_full_color.svg

msedge.exe

Remote address:

104.16.113.74:443

Request

GET /images/backgrounds/header/mf_logo_full_color.svg HTTP/2.0
host: static.mediafire.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ukey=zw9q7d8nbn2f9b5tvckzk3gimo1fruj3
cookie: dr_vehz5gm393ydtoz=1
cookie: __cf_bm=mmv0rjuqB6qiJsj6ItaIvkSGemeJTQLCLKawH2K_t2U-1721421448-1.0.1.1-xu4KePR.o8wiuj4PPjT7NlGWZpaC3ZPx2a_gaxQTfZnvnx81Y6Lx3qD1POlYAj_CnfkpJX73l5AzV3JwE0Ig.w
cookie: amp_28916b=IRYoKQ3-89ZhgQCqJF2M9U...1i36bdi0l.1i36bdi0n.0.1.1
cookie: _ga=GA1.2.1100413091.1721421450
cookie: _gid=GA1.2.258467451.1721421450
cookie: _gat_gtag_UA_829541_1=1
cookie: cf_clearance=QQZvdKHpkhnbmqYC7EAJU_Fi73FM85BT8VQ_hQYqUeE-1721421451-1.0.1.1-1mrhUKfh2q0uszTksYplgdI8EMwz.ZO5GX5ahfGKpd85niH_04rNmwzRHHA98x9mag2GxmoUWre9OcWLxQQm3A
cookie: conv_tracking_data-2=%7B%22mf_source%22%3A%22regular_download-59%22%2C%22mf_content%22%3A%22Free%22%2C%22mf_medium%22%3A%22windows%5C%2FEdge%22%2C%22mf_campaign%22%3A%22vehz5gm393ydtoz%22%2C%22mf_term%22%3A%2246e963f0b3db8b86ea14a82ad50a6e0b%22%7D
cookie: _ga_K68XP6D85D=GS1.1.1721421449.1.0.1721421456.53.0.0

Response

HTTP/2.0 200

date: Fri, 19 Jul 2024 20:37:37 GMT
content-type: image/png
content-length: 1872
last-modified: Mon, 25 Jul 2022 18:00:54 GMT
etag: "62deda56-750"
expires: Sun, 18 Aug 2024 15:56:44 GMT
cache-control: max-age=2592000
x-mf-env: liveApi
x-mf-fe: mf2
access-control-allow-origin: *
access-control-allow-methods: OPTIONS, POST, GET
alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
age: 4144
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8a5d82ae6de89565-LHR
GET

https://static.mediafire.com/images/filetype/file-zip-v3.png

msedge.exe

Remote address:

104.16.113.74:443

Request

GET /images/filetype/file-zip-v3.png HTTP/2.0
host: static.mediafire.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ukey=zw9q7d8nbn2f9b5tvckzk3gimo1fruj3
cookie: dr_vehz5gm393ydtoz=1
cookie: __cf_bm=mmv0rjuqB6qiJsj6ItaIvkSGemeJTQLCLKawH2K_t2U-1721421448-1.0.1.1-xu4KePR.o8wiuj4PPjT7NlGWZpaC3ZPx2a_gaxQTfZnvnx81Y6Lx3qD1POlYAj_CnfkpJX73l5AzV3JwE0Ig.w
cookie: amp_28916b=IRYoKQ3-89ZhgQCqJF2M9U...1i36bdi0l.1i36bdi0n.0.1.1
cookie: _ga=GA1.2.1100413091.1721421450
cookie: _gid=GA1.2.258467451.1721421450
cookie: _gat_gtag_UA_829541_1=1
cookie: cf_clearance=QQZvdKHpkhnbmqYC7EAJU_Fi73FM85BT8VQ_hQYqUeE-1721421451-1.0.1.1-1mrhUKfh2q0uszTksYplgdI8EMwz.ZO5GX5ahfGKpd85niH_04rNmwzRHHA98x9mag2GxmoUWre9OcWLxQQm3A
cookie: conv_tracking_data-2=%7B%22mf_source%22%3A%22regular_download-59%22%2C%22mf_content%22%3A%22Free%22%2C%22mf_medium%22%3A%22windows%5C%2FEdge%22%2C%22mf_campaign%22%3A%22vehz5gm393ydtoz%22%2C%22mf_term%22%3A%2246e963f0b3db8b86ea14a82ad50a6e0b%22%7D
cookie: _ga_K68XP6D85D=GS1.1.1721421449.1.0.1721421456.53.0.0

Response

HTTP/2.0 200

date: Fri, 19 Jul 2024 20:37:37 GMT
content-type: image/svg+xml
last-modified: Fri, 28 Oct 2016 22:22:42 GMT
etag: W/"5813cfb2-d1d"
x-mf-env: liveApi
x-mf-fe: mf2
access-control-allow-origin: *
access-control-allow-methods: OPTIONS, POST, GET
alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
age: 1135
vary: Accept-Encoding
server: cloudflare
cf-ray: 8a5d82ae6de59565-LHR
content-encoding: gzip
GET

https://www.mediafire.com/images/icons/svg_light/icons_sprite.svg

msedge.exe

Remote address:

104.16.113.74:443

Request

GET /images/icons/svg_light/icons_sprite.svg HTTP/2.0
host: www.mediafire.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.mediafire.com/file/vehz5gm393ydtoz/nitrogen.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ukey=zw9q7d8nbn2f9b5tvckzk3gimo1fruj3
cookie: dr_vehz5gm393ydtoz=1
cookie: __cf_bm=mmv0rjuqB6qiJsj6ItaIvkSGemeJTQLCLKawH2K_t2U-1721421448-1.0.1.1-xu4KePR.o8wiuj4PPjT7NlGWZpaC3ZPx2a_gaxQTfZnvnx81Y6Lx3qD1POlYAj_CnfkpJX73l5AzV3JwE0Ig.w
cookie: amp_28916b=IRYoKQ3-89ZhgQCqJF2M9U...1i36bdi0l.1i36bdi0n.0.1.1
cookie: _ga=GA1.2.1100413091.1721421450
cookie: _gid=GA1.2.258467451.1721421450
cookie: _gat_gtag_UA_829541_1=1
cookie: cf_clearance=QQZvdKHpkhnbmqYC7EAJU_Fi73FM85BT8VQ_hQYqUeE-1721421451-1.0.1.1-1mrhUKfh2q0uszTksYplgdI8EMwz.ZO5GX5ahfGKpd85niH_04rNmwzRHHA98x9mag2GxmoUWre9OcWLxQQm3A
cookie: conv_tracking_data-2=%7B%22mf_source%22%3A%22regular_download-59%22%2C%22mf_content%22%3A%22Free%22%2C%22mf_medium%22%3A%22windows%5C%2FEdge%22%2C%22mf_campaign%22%3A%22vehz5gm393ydtoz%22%2C%22mf_term%22%3A%2246e963f0b3db8b86ea14a82ad50a6e0b%22%7D
cookie: _ga_K68XP6D85D=GS1.1.1721421449.1.0.1721421456.53.0.0

Response

HTTP/2.0 200

date: Fri, 19 Jul 2024 20:37:37 GMT
content-type: image/svg+xml
cf-ray: 8a5d82ae6de99565-LHR
cf-cache-status: HIT
access-control-allow-origin: *
age: 2282
etag: W/"62deda56-90ab"
last-modified: Mon, 25 Jul 2022 18:00:54 GMT
vary: Accept-Encoding
access-control-allow-methods: OPTIONS, POST, GET
alt-svc: h3=":443"; ma=86400
x-mf-env: liveApi
x-mf-fe: mf2
server: cloudflare
content-encoding: gzip
GET

https://static.mediafire.com/images/backgrounds/download/apps_list_sprite-v6.png

msedge.exe

Remote address:

104.16.113.74:443

Request

GET /images/backgrounds/download/apps_list_sprite-v6.png HTTP/2.0
host: static.mediafire.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ukey=zw9q7d8nbn2f9b5tvckzk3gimo1fruj3
cookie: dr_vehz5gm393ydtoz=1
cookie: __cf_bm=mmv0rjuqB6qiJsj6ItaIvkSGemeJTQLCLKawH2K_t2U-1721421448-1.0.1.1-xu4KePR.o8wiuj4PPjT7NlGWZpaC3ZPx2a_gaxQTfZnvnx81Y6Lx3qD1POlYAj_CnfkpJX73l5AzV3JwE0Ig.w
cookie: amp_28916b=IRYoKQ3-89ZhgQCqJF2M9U...1i36bdi0l.1i36bdi0n.0.1.1
cookie: _ga=GA1.2.1100413091.1721421450
cookie: _gid=GA1.2.258467451.1721421450
cookie: _gat_gtag_UA_829541_1=1
cookie: cf_clearance=QQZvdKHpkhnbmqYC7EAJU_Fi73FM85BT8VQ_hQYqUeE-1721421451-1.0.1.1-1mrhUKfh2q0uszTksYplgdI8EMwz.ZO5GX5ahfGKpd85niH_04rNmwzRHHA98x9mag2GxmoUWre9OcWLxQQm3A
cookie: conv_tracking_data-2=%7B%22mf_source%22%3A%22regular_download-59%22%2C%22mf_content%22%3A%22Free%22%2C%22mf_medium%22%3A%22windows%5C%2FEdge%22%2C%22mf_campaign%22%3A%22vehz5gm393ydtoz%22%2C%22mf_term%22%3A%2246e963f0b3db8b86ea14a82ad50a6e0b%22%7D
cookie: _ga_K68XP6D85D=GS1.1.1721421449.1.0.1721421456.53.0.0

Response

HTTP/2.0 200

date: Fri, 19 Jul 2024 20:37:37 GMT
content-type: image/png
content-length: 8145
last-modified: Mon, 25 Jul 2022 18:00:54 GMT
etag: "62deda56-1fd1"
expires: Sun, 18 Aug 2024 16:11:30 GMT
cache-control: max-age=2592000
x-mf-env: liveApi
x-mf-fe: mf2
access-control-allow-origin: *
access-control-allow-methods: OPTIONS, POST, GET
alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
age: 2147
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8a5d82ae8e059565-LHR
GET

https://www.mediafire.com/images/icons/svg_dark/arrow_dropdown.svg

msedge.exe

Remote address:

104.16.113.74:443

Request

GET /images/icons/svg_dark/arrow_dropdown.svg HTTP/2.0
host: www.mediafire.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.mediafire.com/file/vehz5gm393ydtoz/nitrogen.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ukey=zw9q7d8nbn2f9b5tvckzk3gimo1fruj3
cookie: dr_vehz5gm393ydtoz=1
cookie: __cf_bm=mmv0rjuqB6qiJsj6ItaIvkSGemeJTQLCLKawH2K_t2U-1721421448-1.0.1.1-xu4KePR.o8wiuj4PPjT7NlGWZpaC3ZPx2a_gaxQTfZnvnx81Y6Lx3qD1POlYAj_CnfkpJX73l5AzV3JwE0Ig.w
cookie: amp_28916b=IRYoKQ3-89ZhgQCqJF2M9U...1i36bdi0l.1i36bdi0n.0.1.1
cookie: _ga=GA1.2.1100413091.1721421450
cookie: _gid=GA1.2.258467451.1721421450
cookie: _gat_gtag_UA_829541_1=1
cookie: cf_clearance=QQZvdKHpkhnbmqYC7EAJU_Fi73FM85BT8VQ_hQYqUeE-1721421451-1.0.1.1-1mrhUKfh2q0uszTksYplgdI8EMwz.ZO5GX5ahfGKpd85niH_04rNmwzRHHA98x9mag2GxmoUWre9OcWLxQQm3A
cookie: conv_tracking_data-2=%7B%22mf_source%22%3A%22regular_download-59%22%2C%22mf_content%22%3A%22Free%22%2C%22mf_medium%22%3A%22windows%5C%2FEdge%22%2C%22mf_campaign%22%3A%22vehz5gm393ydtoz%22%2C%22mf_term%22%3A%2246e963f0b3db8b86ea14a82ad50a6e0b%22%7D
cookie: _ga_K68XP6D85D=GS1.1.1721421449.1.0.1721421456.53.0.0

Response

HTTP/2.0 200

date: Fri, 19 Jul 2024 20:37:37 GMT
content-type: image/svg+xml
last-modified: Mon, 25 Jul 2022 18:00:54 GMT
etag: W/"62deda56-1bc"
x-mf-env: liveApi
x-mf-fe: mf2
access-control-allow-origin: *
access-control-allow-methods: OPTIONS, POST, GET
alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
age: 3202
vary: Accept-Encoding
server: cloudflare
cf-ray: 8a5d82ae8e0a9565-LHR
content-encoding: gzip
GET

https://static.mediafire.com/images/icons/svg_dark/check_circle_green.svg

msedge.exe

Remote address:

104.16.113.74:443

Request

GET /images/icons/svg_dark/check_circle_green.svg HTTP/2.0
host: static.mediafire.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ukey=zw9q7d8nbn2f9b5tvckzk3gimo1fruj3
cookie: dr_vehz5gm393ydtoz=1
cookie: __cf_bm=mmv0rjuqB6qiJsj6ItaIvkSGemeJTQLCLKawH2K_t2U-1721421448-1.0.1.1-xu4KePR.o8wiuj4PPjT7NlGWZpaC3ZPx2a_gaxQTfZnvnx81Y6Lx3qD1POlYAj_CnfkpJX73l5AzV3JwE0Ig.w
cookie: amp_28916b=IRYoKQ3-89ZhgQCqJF2M9U...1i36bdi0l.1i36bdi0n.0.1.1
cookie: _ga=GA1.2.1100413091.1721421450
cookie: _gid=GA1.2.258467451.1721421450
cookie: _gat_gtag_UA_829541_1=1
cookie: cf_clearance=QQZvdKHpkhnbmqYC7EAJU_Fi73FM85BT8VQ_hQYqUeE-1721421451-1.0.1.1-1mrhUKfh2q0uszTksYplgdI8EMwz.ZO5GX5ahfGKpd85niH_04rNmwzRHHA98x9mag2GxmoUWre9OcWLxQQm3A
cookie: conv_tracking_data-2=%7B%22mf_source%22%3A%22regular_download-59%22%2C%22mf_content%22%3A%22Free%22%2C%22mf_medium%22%3A%22windows%5C%2FEdge%22%2C%22mf_campaign%22%3A%22vehz5gm393ydtoz%22%2C%22mf_term%22%3A%2246e963f0b3db8b86ea14a82ad50a6e0b%22%7D
cookie: _ga_K68XP6D85D=GS1.1.1721421449.1.0.1721421456.53.0.0

Response

HTTP/2.0 200

date: Fri, 19 Jul 2024 20:37:37 GMT
content-type: image/svg+xml
cf-ray: 8a5d82ae8e079565-LHR
cf-cache-status: HIT
access-control-allow-origin: *
age: 3248
etag: W/"62deda56-13b"
last-modified: Mon, 25 Jul 2022 18:00:54 GMT
vary: Accept-Encoding
access-control-allow-methods: OPTIONS, POST, GET
alt-svc: h3=":443"; ma=86400
x-mf-env: liveApi
x-mf-fe: mf2
server: cloudflare
content-encoding: gzip
GET

https://static.mediafire.com/images/backgrounds/download/social/fb_16x16.png

msedge.exe

Remote address:

104.16.113.74:443

Request

GET /images/backgrounds/download/social/fb_16x16.png HTTP/2.0
host: static.mediafire.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ukey=zw9q7d8nbn2f9b5tvckzk3gimo1fruj3
cookie: dr_vehz5gm393ydtoz=1
cookie: __cf_bm=mmv0rjuqB6qiJsj6ItaIvkSGemeJTQLCLKawH2K_t2U-1721421448-1.0.1.1-xu4KePR.o8wiuj4PPjT7NlGWZpaC3ZPx2a_gaxQTfZnvnx81Y6Lx3qD1POlYAj_CnfkpJX73l5AzV3JwE0Ig.w
cookie: amp_28916b=IRYoKQ3-89ZhgQCqJF2M9U...1i36bdi0l.1i36bdi0n.0.1.1
cookie: _ga=GA1.2.1100413091.1721421450
cookie: _gid=GA1.2.258467451.1721421450
cookie: _gat_gtag_UA_829541_1=1
cookie: cf_clearance=QQZvdKHpkhnbmqYC7EAJU_Fi73FM85BT8VQ_hQYqUeE-1721421451-1.0.1.1-1mrhUKfh2q0uszTksYplgdI8EMwz.ZO5GX5ahfGKpd85niH_04rNmwzRHHA98x9mag2GxmoUWre9OcWLxQQm3A
cookie: conv_tracking_data-2=%7B%22mf_source%22%3A%22regular_download-59%22%2C%22mf_content%22%3A%22Free%22%2C%22mf_medium%22%3A%22windows%5C%2FEdge%22%2C%22mf_campaign%22%3A%22vehz5gm393ydtoz%22%2C%22mf_term%22%3A%2246e963f0b3db8b86ea14a82ad50a6e0b%22%7D
cookie: _ga_K68XP6D85D=GS1.1.1721421449.1.0.1721421456.53.0.0

Response

HTTP/2.0 200

date: Fri, 19 Jul 2024 20:37:37 GMT
content-type: image/png
content-length: 181
last-modified: Mon, 25 Jul 2022 18:00:54 GMT
etag: "62deda56-b5"
expires: Sun, 18 Aug 2024 16:20:14 GMT
cache-control: max-age=2592000
x-mf-env: liveApi
x-mf-fe: mf2
access-control-allow-origin: *
access-control-allow-methods: OPTIONS, POST, GET
alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
age: 2336
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8a5d82aece5d9565-LHR
GET

https://static.mediafire.com/images/backgrounds/footer/social/footerIcons.png

msedge.exe

Remote address:

104.16.113.74:443

Request

GET /images/backgrounds/footer/social/footerIcons.png HTTP/2.0
host: static.mediafire.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ukey=zw9q7d8nbn2f9b5tvckzk3gimo1fruj3
cookie: dr_vehz5gm393ydtoz=1
cookie: __cf_bm=mmv0rjuqB6qiJsj6ItaIvkSGemeJTQLCLKawH2K_t2U-1721421448-1.0.1.1-xu4KePR.o8wiuj4PPjT7NlGWZpaC3ZPx2a_gaxQTfZnvnx81Y6Lx3qD1POlYAj_CnfkpJX73l5AzV3JwE0Ig.w
cookie: amp_28916b=IRYoKQ3-89ZhgQCqJF2M9U...1i36bdi0l.1i36bdi0n.0.1.1
cookie: _ga=GA1.2.1100413091.1721421450
cookie: _gid=GA1.2.258467451.1721421450
cookie: _gat_gtag_UA_829541_1=1
cookie: cf_clearance=QQZvdKHpkhnbmqYC7EAJU_Fi73FM85BT8VQ_hQYqUeE-1721421451-1.0.1.1-1mrhUKfh2q0uszTksYplgdI8EMwz.ZO5GX5ahfGKpd85niH_04rNmwzRHHA98x9mag2GxmoUWre9OcWLxQQm3A
cookie: conv_tracking_data-2=%7B%22mf_source%22%3A%22regular_download-59%22%2C%22mf_content%22%3A%22Free%22%2C%22mf_medium%22%3A%22windows%5C%2FEdge%22%2C%22mf_campaign%22%3A%22vehz5gm393ydtoz%22%2C%22mf_term%22%3A%2246e963f0b3db8b86ea14a82ad50a6e0b%22%7D
cookie: _ga_K68XP6D85D=GS1.1.1721421449.1.0.1721421456.53.0.0

Response

HTTP/2.0 200

date: Fri, 19 Jul 2024 20:37:37 GMT
content-type: image/png
content-length: 583
last-modified: Mon, 25 Jul 2022 18:00:54 GMT
etag: "62deda56-247"
expires: Sun, 18 Aug 2024 18:44:38 GMT
cache-control: max-age=2592000
x-mf-env: liveApi
x-mf-fe: mf1
access-control-allow-origin: *
access-control-allow-methods: OPTIONS, POST, GET
alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
age: 1737
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8a5d82af3ee09565-LHR
GET

https://www.mediafire.com/js/prebid8.10.0.js

msedge.exe

Remote address:

104.16.113.74:443

Request

GET /js/prebid8.10.0.js HTTP/2.0
host: www.mediafire.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.mediafire.com/file/vehz5gm393ydtoz/nitrogen.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ukey=zw9q7d8nbn2f9b5tvckzk3gimo1fruj3
cookie: dr_vehz5gm393ydtoz=1
cookie: __cf_bm=mmv0rjuqB6qiJsj6ItaIvkSGemeJTQLCLKawH2K_t2U-1721421448-1.0.1.1-xu4KePR.o8wiuj4PPjT7NlGWZpaC3ZPx2a_gaxQTfZnvnx81Y6Lx3qD1POlYAj_CnfkpJX73l5AzV3JwE0Ig.w
cookie: _gid=GA1.2.258467451.1721421450
cookie: _gat_gtag_UA_829541_1=1
cookie: cf_clearance=QQZvdKHpkhnbmqYC7EAJU_Fi73FM85BT8VQ_hQYqUeE-1721421451-1.0.1.1-1mrhUKfh2q0uszTksYplgdI8EMwz.ZO5GX5ahfGKpd85niH_04rNmwzRHHA98x9mag2GxmoUWre9OcWLxQQm3A
cookie: conv_tracking_data-2=%7B%22mf_source%22%3A%22regular_download-59%22%2C%22mf_content%22%3A%22Free%22%2C%22mf_medium%22%3A%22windows%5C%2FEdge%22%2C%22mf_campaign%22%3A%22vehz5gm393ydtoz%22%2C%22mf_term%22%3A%2246e963f0b3db8b86ea14a82ad50a6e0b%22%7D
cookie: amp_28916b=IRYoKQ3-89ZhgQCqJF2M9U...1i36bdi0l.1i36bdpp0.0.2.2
cookie: ezoab_484470=mod1-c
cookie: ezoadgid_484470=-1
cookie: ezosuibasgeneris-1=91b3a151-5aa5-4ae3-4dc6-4814d316d404
cookie: lp_484470=https://www.mediafire.com/file/vehz5gm393ydtoz/nitrogen.zip
cookie: ezovuuidtime_484470=1721421458
cookie: ezovuuid_484470=7ed64333-bb55-480f-4edb-e9e6a54db74e
cookie: ezoref_484470=
cookie: active_template::484470=orig_site.1721421458
cookie: ezopvc_484470=1
cookie: ezstandaloneuser=false
cookie: _ga_K68XP6D85D=GS1.1.1721421449.1.1.1721421457.52.0.0
cookie: _ga=GA1.1.1100413091.1721421450

Response

HTTP/2.0 200

date: Fri, 19 Jul 2024 20:37:38 GMT
content-type: application/x-javascript
cf-ray: 8a5d82b119459565-LHR
cf-cache-status: HIT
access-control-allow-origin: *
age: 1234
cache-control: max-age=2592000
content-encoding: gzip
etag: W/"64ecb639-40a99"
expires: Sun, 18 Aug 2024 19:45:55 GMT
last-modified: Mon, 28 Aug 2023 14:59:05 GMT
vary: Accept-Encoding
access-control-allow-methods: OPTIONS, POST, GET
alt-svc: h3=":443"; ma=86400
x-mf-env: liveApi
x-mf-fe: mf1
server: cloudflare
POST

https://www.mediafire.com/cdn-cgi/rum?

msedge.exe

Remote address:

104.16.113.74:443

Request

POST /cdn-cgi/rum? HTTP/2.0
host: www.mediafire.com
content-length: 1471
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: application/json
accept: */*
origin: https://www.mediafire.com
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.mediafire.com/file/vehz5gm393ydtoz/nitrogen.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ukey=zw9q7d8nbn2f9b5tvckzk3gimo1fruj3
cookie: dr_vehz5gm393ydtoz=1
cookie: __cf_bm=mmv0rjuqB6qiJsj6ItaIvkSGemeJTQLCLKawH2K_t2U-1721421448-1.0.1.1-xu4KePR.o8wiuj4PPjT7NlGWZpaC3ZPx2a_gaxQTfZnvnx81Y6Lx3qD1POlYAj_CnfkpJX73l5AzV3JwE0Ig.w
cookie: _gid=GA1.2.258467451.1721421450
cookie: _gat_gtag_UA_829541_1=1
cookie: cf_clearance=QQZvdKHpkhnbmqYC7EAJU_Fi73FM85BT8VQ_hQYqUeE-1721421451-1.0.1.1-1mrhUKfh2q0uszTksYplgdI8EMwz.ZO5GX5ahfGKpd85niH_04rNmwzRHHA98x9mag2GxmoUWre9OcWLxQQm3A
cookie: conv_tracking_data-2=%7B%22mf_source%22%3A%22regular_download-59%22%2C%22mf_content%22%3A%22Free%22%2C%22mf_medium%22%3A%22windows%5C%2FEdge%22%2C%22mf_campaign%22%3A%22vehz5gm393ydtoz%22%2C%22mf_term%22%3A%2246e963f0b3db8b86ea14a82ad50a6e0b%22%7D
cookie: amp_28916b=IRYoKQ3-89ZhgQCqJF2M9U...1i36bdi0l.1i36bdpp0.0.2.2
cookie: ezoab_484470=mod1-c
cookie: ezoadgid_484470=-1
cookie: ezosuibasgeneris-1=91b3a151-5aa5-4ae3-4dc6-4814d316d404
cookie: lp_484470=https://www.mediafire.com/file/vehz5gm393ydtoz/nitrogen.zip
cookie: ezovuuidtime_484470=1721421458
cookie: ezovuuid_484470=7ed64333-bb55-480f-4edb-e9e6a54db74e
cookie: ezoref_484470=
cookie: active_template::484470=orig_site.1721421458
cookie: ezopvc_484470=1
cookie: ezstandaloneuser=false
cookie: _ga_K68XP6D85D=GS1.1.1721421449.1.1.1721421457.52.0.0
cookie: _ga=GA1.1.1100413091.1721421450

Response

HTTP/2.0 204

date: Fri, 19 Jul 2024 20:37:39 GMT
access-control-allow-origin: https://www.mediafire.com
access-control-allow-methods: POST,OPTIONS
access-control-max-age: 86400
vary: Origin
access-control-allow-credentials: true
server: cloudflare
cf-ray: 8a5d82b799329565-LHR
x-frame-options: DENY
x-content-type-options: nosniff
POST

https://www.mediafire.com/cdn-cgi/rum?

msedge.exe

Remote address:

104.16.113.74:443

Request

POST /cdn-cgi/rum? HTTP/2.0
host: www.mediafire.com
content-length: 1203
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: application/json
accept: */*
origin: https://www.mediafire.com
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.mediafire.com/file/vehz5gm393ydtoz/nitrogen.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ukey=zw9q7d8nbn2f9b5tvckzk3gimo1fruj3
cookie: dr_vehz5gm393ydtoz=1
cookie: __cf_bm=mmv0rjuqB6qiJsj6ItaIvkSGemeJTQLCLKawH2K_t2U-1721421448-1.0.1.1-xu4KePR.o8wiuj4PPjT7NlGWZpaC3ZPx2a_gaxQTfZnvnx81Y6Lx3qD1POlYAj_CnfkpJX73l5AzV3JwE0Ig.w
cookie: _gid=GA1.2.258467451.1721421450
cookie: _gat_gtag_UA_829541_1=1
cookie: cf_clearance=QQZvdKHpkhnbmqYC7EAJU_Fi73FM85BT8VQ_hQYqUeE-1721421451-1.0.1.1-1mrhUKfh2q0uszTksYplgdI8EMwz.ZO5GX5ahfGKpd85niH_04rNmwzRHHA98x9mag2GxmoUWre9OcWLxQQm3A
cookie: conv_tracking_data-2=%7B%22mf_source%22%3A%22regular_download-59%22%2C%22mf_content%22%3A%22Free%22%2C%22mf_medium%22%3A%22windows%5C%2FEdge%22%2C%22mf_campaign%22%3A%22vehz5gm393ydtoz%22%2C%22mf_term%22%3A%2246e963f0b3db8b86ea14a82ad50a6e0b%22%7D
cookie: amp_28916b=IRYoKQ3-89ZhgQCqJF2M9U...1i36bdi0l.1i36bdpp0.0.2.2
cookie: ezoab_484470=mod1-c
cookie: ezoadgid_484470=-1
cookie: ezovuuidtime_484470=1721421458
cookie: ezovuuid_484470=7ed64333-bb55-480f-4edb-e9e6a54db74e
cookie: ezoref_484470=
cookie: active_template::484470=orig_site.1721421458
cookie: ezopvc_484470=1
cookie: lp_484470=https://www.mediafire.com/file/vehz5gm393ydtoz/nitrogen.zip
cookie: ezosuibasgeneris-1=91b3a151-5aa5-4ae3-4dc6-4814d316d404
cookie: ezstandaloneuser=false
cookie: _ga=GA1.1.1100413091.1721421450
cookie: ez-consent-tcf=CQCAL0AQCAL0AErAJJENA9EsAP_gAEPgACiQKVtV_G__bWlr8X73aftkeY1P9_h77sQxBhfJE-4FzLvW_JwXx2ExNA36tqIKmRIAu3bBIQNlHJDUTVCgaogVryDMak2coTNKJ6BkiFMRO2dYCF5vmwtj-QKY5vr993dx2B-t_dr83dzyz4VHn3a5_2a0WJCdA5-tDfv9bROb-9IOd_58v4v8_F_rE2_eT1l_tevp7D9-cts79XW-9_fff79Ln_-mB_-CkoBZhoVEAZZEhIQaBhBAgBUFYQEUCAAAAEgaICAEwYFOwMAl1hIgBACgAGCAEAAKMgAQAACQAIRABAAUCAACAQKAAMACAYCABgYAAwAWAgEAAIDoEKYEECgWACRmREKYEIQCQQEtlQgkAQIK4QhFngQQCImCgAABIAKwABAWCwOJJASsSCBLiDaAAAgAQCCACoRSdmAIIAzZaq8WTaMrSAtHzBe9pgAA.YAAAAAAAAAAA
cookie: _cc_id=8a836164086ce8786b19a1d60ff9f4c6
cookie: panoramaId_expiry=1721507861015
cookie: __gads=ID=b1855556bdd128f2:T=1721421460:RT=1721421460:S=ALNI_MbM_j2r7daXPihzXv-f-mIvwd1wKg
cookie: __gpi=UID=00000e9746c66e10:T=1721421460:RT=1721421460:S=ALNI_Maao35CUW9JF_J0mFSaVbqBsIifRA
cookie: __eoi=ID=62aa6a3249ea7758:T=1721421460:RT=1721421460:S=AA-AfjZaGTSJTig7pbBwcbk94U49
cookie: ad_count=1
cookie: click_download=vehz5gm393ydtoz
cookie: _ga_K68XP6D85D=GS1.1.1721421449.1.1.1721421461.48.0.0
cookie: cto_bundle=Nh_B4F9uNmRFc0FiMUZGUlYlMkJXMWtSanRlaHZPaGlyUFFPN21qNmFXUWVFRHY3TXU4TGJNS3ZOZ0daMlFGaEpNSVpNN1FQWXBnSWVUYlh2azZyRUcxNmNHS2IyaGFjNWxPcjBBTE9iWDRkOW9rbkg3RENVSEVKVHltYUxkbHIzJTJGdkEzJTJCMGRkWkFlOURUa3AxZW96Q0EyVXdwQVElM0QlM0Q
cookie: ezux_et_484470=1
cookie: ezux_tos_484470=8

Response

HTTP/2.0 204

date: Fri, 19 Jul 2024 20:37:48 GMT
access-control-allow-origin: https://www.mediafire.com
access-control-allow-methods: POST,OPTIONS
access-control-max-age: 86400
vary: Origin
access-control-allow-credentials: true
server: cloudflare
cf-ray: 8a5d82f13e549565-LHR
x-frame-options: DENY
x-content-type-options: nosniff
DNS

static.mediafire.com

msedge.exe

Remote address:

8.8.8.8:53

Request

static.mediafire.com

IN A

Response

static.mediafire.com

IN A

104.16.113.74

static.mediafire.com

IN A

104.16.114.74
DNS

www.google.com

msedge.exe

Remote address:

8.8.8.8:53

Request

www.google.com

IN A

Response

www.google.com

IN A

216.58.214.68
DNS

ajax.googleapis.com

msedge.exe

Remote address:

8.8.8.8:53

Request

ajax.googleapis.com

IN A

Response

ajax.googleapis.com

IN A

216.58.214.74
GET

https://www.google.com/recaptcha/api.js

msedge.exe

Remote address:

216.58.214.68:443

Request

GET /recaptcha/api.js HTTP/2.0
host: www.google.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js

msedge.exe

Remote address:

216.58.214.74:443

Request

GET /ajax/libs/jquery/1.7.2/jquery.min.js HTTP/2.0
host: ajax.googleapis.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

static.cloudflareinsights.com

msedge.exe

Remote address:

8.8.8.8:53

Request

static.cloudflareinsights.com

IN A

Response

static.cloudflareinsights.com

IN A

104.16.79.73

static.cloudflareinsights.com

IN A

104.16.80.73
DNS

cdn.amplitude.com

msedge.exe

Remote address:

8.8.8.8:53

Request

cdn.amplitude.com

IN A

Response

cdn.amplitude.com

IN A

18.154.84.20

cdn.amplitude.com

IN A

18.154.84.124

cdn.amplitude.com

IN A

18.154.84.60

cdn.amplitude.com

IN A

18.154.84.84
GET

https://static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015

msedge.exe

Remote address:

104.16.79.73:443

Request

GET /beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015 HTTP/2.0
host: static.cloudflareinsights.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: https://www.mediafire.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Fri, 19 Jul 2024 20:37:29 GMT
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
etag: W/"2024.6.1"
last-modified: Thu, 06 Jun 2024 15:52:56 GMT
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 8a5d827a39fe63e5-LHR
content-encoding: gzip
GET

https://cdn.amplitude.com/libs/amplitude-8.5.0-min.gz.js

msedge.exe

Remote address:

18.154.84.20:443

Request

GET /libs/amplitude-8.5.0-min.gz.js HTTP/2.0
host: cdn.amplitude.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: https://www.mediafire.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: application/javascript
content-length: 22154
date: Tue, 28 May 2024 23:29:56 GMT
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-max-age: 3000
last-modified: Fri, 13 Aug 2021 22:37:42 GMT
etag: "660c3b546f2a131de50b69b91f26c636"
x-amz-server-side-encryption: AES256
cache-control: max-age=31536000
content-encoding: gzip
x-amz-version-id: NY8_7uBz3xoXYJBVsMSBAGHOz8ixMBS3
accept-ranges: bytes
server: AmazonS3
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method
x-cache: Hit from cloudfront
via: 1.1 d19c86161d0c021ed9e0f1495520ffa8.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR5-P7
x-amz-cf-id: mjb2CuurxmHAnKnc-JRV5sR7UCTHNVVhdIiD6u23y4_JbC7MQE4iBw==
age: 4482454
DNS

translate.google.com

msedge.exe

Remote address:

8.8.8.8:53

Request

translate.google.com

IN A

Response

translate.google.com

IN CNAME

www3.l.google.com

www3.l.google.com

IN A

142.250.178.142
DNS

74.113.16.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

74.113.16.104.in-addr.arpa

IN PTR

Response
DNS

68.214.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

68.214.58.216.in-addr.arpa

IN PTR

Response

68.214.58.216.in-addr.arpa

IN PTR

fra15s10-in-f681e100net

68.214.58.216.in-addr.arpa

IN PTR

par10s39-in-f4�H

68.214.58.216.in-addr.arpa

IN PTR

fra15s10-in-f4�H
DNS

234.75.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

234.75.250.142.in-addr.arpa

IN PTR

Response

234.75.250.142.in-addr.arpa

IN PTR

par10s41-in-f101e100net
DNS

74.214.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

74.214.58.216.in-addr.arpa

IN PTR

Response

74.214.58.216.in-addr.arpa

IN PTR

fra15s10-in-f101e100net

74.214.58.216.in-addr.arpa

IN PTR

fra15s10-in-f74�H

74.214.58.216.in-addr.arpa

IN PTR

par10s39-in-f10�H
DNS

163.214.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

163.214.58.216.in-addr.arpa

IN PTR

Response

163.214.58.216.in-addr.arpa

IN PTR

par10s42-in-f31e100net

163.214.58.216.in-addr.arpa

IN PTR

mad01s26-in-f163�H

163.214.58.216.in-addr.arpa

IN PTR

mad01s26-in-f3�H
DNS

73.79.16.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

73.79.16.104.in-addr.arpa

IN PTR

Response
DNS

136.178.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

136.178.250.142.in-addr.arpa

IN PTR

Response

136.178.250.142.in-addr.arpa

IN PTR

par21s22-in-f81e100net
GET

https://translate.google.com/translate_a/element.js?cb=googleTranslateElementInit

msedge.exe

Remote address:

142.250.178.142:443

Request

GET /translate_a/element.js?cb=googleTranslateElementInit HTTP/2.0
host: translate.google.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://fundingchoicesmessages.google.com/i/183096492?ers=3

msedge.exe

Remote address:

142.250.178.142:443

Request

GET /i/183096492?ers=3 HTTP/2.0
host: fundingchoicesmessages.google.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

api.amplitude.com

msedge.exe

Remote address:

8.8.8.8:53

Request

api.amplitude.com

IN A

Response

api.amplitude.com

IN A

35.166.106.30

api.amplitude.com

IN A

34.215.149.32

api.amplitude.com

IN A

35.83.131.199

api.amplitude.com

IN A

35.155.21.58

api.amplitude.com

IN A

34.211.242.119

api.amplitude.com

IN A

52.13.224.146

api.amplitude.com

IN A

54.213.39.112

api.amplitude.com

IN A

54.186.49.188
DNS

translate.googleapis.com

msedge.exe

Remote address:

8.8.8.8:53

Request

translate.googleapis.com

IN A

Response

translate.googleapis.com

IN A

142.250.178.138
POST

https://api.amplitude.com/

msedge.exe

Remote address:

35.166.106.30:443

Request

POST / HTTP/2.0
host: api.amplitude.com
content-length: 1086
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: application/x-www-form-urlencoded; charset=UTF-8
accept: */*
origin: https://www.mediafire.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Fri, 19 Jul 2024 20:37:30 GMT
content-type: text/html;charset=utf-8
content-length: 7
access-control-allow-origin: *
access-control-allow-methods: GET, POST
access-control-max-age: 86400
trace-id: Root=1-669ace8a-4d103c3619da33a3314b002c
strict-transport-security: max-age=15768000
POST

https://api.amplitude.com/

msedge.exe

Remote address:

35.166.106.30:443

Request

POST / HTTP/2.0
host: api.amplitude.com
content-length: 1086
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: application/x-www-form-urlencoded; charset=UTF-8
accept: */*
origin: https://www.mediafire.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Fri, 19 Jul 2024 20:37:37 GMT
content-type: text/html;charset=utf-8
content-length: 7
access-control-allow-origin: *
access-control-allow-methods: GET, POST
access-control-max-age: 86400
trace-id: Root=1-669ace91-369bf2b0612b8bc446207aa3
strict-transport-security: max-age=15768000
GET

https://translate.googleapis.com/_/translate_http/_/js/k=translate_http.tr.en_GB.jnpJ8uL5rbI.O/am=ACA/d=1/exm=el_conf/ed=1/rs=AN8SPfoG5JGfvXM4UPJfZ0KSmvU8fgHzBQ/m=el_main

msedge.exe

Remote address:

142.250.178.138:443

Request

GET /_/translate_http/_/js/k=translate_http.tr.en_GB.jnpJ8uL5rbI.O/am=ACA/d=1/exm=el_conf/ed=1/rs=AN8SPfoG5JGfvXM4UPJfZ0KSmvU8fgHzBQ/m=el_main HTTP/2.0
host: translate.googleapis.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://translate-pa.googleapis.com/v1/supportedLanguages?client=te&display_language=en-GB&key=AIzaSyBWDj0QJvVIx8XOhRegXX5_SrRWxhT5Hs4&callback=callback

msedge.exe

Remote address:

142.250.178.138:443

Request

GET /v1/supportedLanguages?client=te&display_language=en-GB&key=AIzaSyBWDj0QJvVIx8XOhRegXX5_SrRWxhT5Hs4&callback=callback HTTP/2.0
host: translate-pa.googleapis.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

67.179.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

67.179.250.142.in-addr.arpa

IN PTR

Response

67.179.250.142.in-addr.arpa

IN PTR

par21s19-in-f31e100net
DNS

20.84.154.18.in-addr.arpa

Remote address:

8.8.8.8:53

Request

20.84.154.18.in-addr.arpa

IN PTR

Response

20.84.154.18.in-addr.arpa

IN PTR

server-18-154-84-20lhr5r cloudfrontnet
DNS

142.178.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

142.178.250.142.in-addr.arpa

IN PTR

Response

142.178.250.142.in-addr.arpa

IN PTR

par21s22-in-f141e100net
DNS

6.39.156.108.in-addr.arpa

Remote address:

8.8.8.8:53

Request

6.39.156.108.in-addr.arpa

IN PTR

Response

6.39.156.108.in-addr.arpa

IN PTR

server-108-156-39-6lhr50r cloudfrontnet
DNS

110.179.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

110.179.250.142.in-addr.arpa

IN PTR

Response

110.179.250.142.in-addr.arpa

IN PTR

par21s20-in-f141e100net
DNS

138.178.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

138.178.250.142.in-addr.arpa

IN PTR

Response

138.178.250.142.in-addr.arpa

IN PTR

par21s22-in-f101e100net
DNS

g.bing.com

Remote address:

8.8.8.8:53

Request

g.bing.com

IN A

Response

g.bing.com

IN CNAME

g-bing-com.dual-a-0034.a-msedge.net

g-bing-com.dual-a-0034.a-msedge.net

IN CNAME

dual-a-0034.a-msedge.net

dual-a-0034.a-msedge.net

IN A

204.79.197.237

dual-a-0034.a-msedge.net

IN A

13.107.21.237
DNS

region1.analytics.google.com

msedge.exe

Remote address:

8.8.8.8:53

Request

region1.analytics.google.com

IN A

Response

region1.analytics.google.com

IN A

216.239.34.36

region1.analytics.google.com

IN A

216.239.32.36
DNS

stats.g.doubleclick.net

msedge.exe

Remote address:

8.8.8.8:53

Request

stats.g.doubleclick.net

IN A

Response

stats.g.doubleclick.net

IN A

74.125.71.156

stats.g.doubleclick.net

IN A

74.125.71.157

stats.g.doubleclick.net

IN A

74.125.71.155

stats.g.doubleclick.net

IN A

74.125.71.154
DNS

www.google.co.uk

msedge.exe

Remote address:

8.8.8.8:53

Request

www.google.co.uk

IN A

Response

www.google.co.uk

IN A

172.217.20.163
POST

https://region1.analytics.google.com/g/collect?v=2&tid=G-K68XP6D85D&gtm=45je47h0v887485693z86304663za200zb6304663&_p=1721421448433&_gaz=1&gcd=13l3l3l3l1&npa=0&dma=0&tag_exp=0&cid=1100413091.1721421450&ul=en-us&sr=1280x720&uaa=x86&uamb=0&uam=&uap=Windows&uapv=10.0&uaw=0&frm=0&pscdl=noapi&_s=1&sid=1721421449&sct=1&seg=0&dl=https%3A%2F%2Fwww.mediafire.com%2Fdownload_repair.php%3Fflag%3D9%26dkey%3Dx4lw8p3316ugR2u52XkMiF3mLXmyAHMDPwKY8NfbCGOAz4xQFHxw8QE20WvIPIE8EPzy1BEFL3slKqTGxUZRQ8xVQe7tByQq5ipm%252DbgmBJio8o13pWQK9KzsTTU915X%252D9y5YgYbQIKFMwX4A0ajUgJB9MGKcppTD4wo1KF1iYr3B%252Dw%26qkey%3Dvehz5gm393ydtoz%26ip%3D194%252E110%252E13%252E70&dt=File%20sharing%20and%20storage%20made%20simple&en=page_view&_fv=1&_nsi=1&_ss=1&up.page_url=https%3A%2F%2Fwww.mediafire.com%2Fdownload_repair.php%3Fflag%3D9%26dkey%3Dx4lw8p3316ugR2u52XkMiF3mLXmyAHMDPwKY8NfbCGOAz4xQFHxw8QE20WvIPIE8EPzy1BEFL3slKqTGxUZRQ8xVQe7tByQq5ipm%252DbgmBJio8o13pWQK9KzsTTU915X%252D9y5YgYbQIKFMwX4A0ajUgJB9MGKcppTD4wo1KF1iYr3B%252Dw%26qkey%3Dvehz5gm393ydtoz%26ip%3D194%252E110%252E13%252E70&tfd=3000&_z=fetch

msedge.exe

Remote address:

216.239.34.36:443

Request

POST /g/collect?v=2&tid=G-K68XP6D85D&gtm=45je47h0v887485693z86304663za200zb6304663&_p=1721421448433&_gaz=1&gcd=13l3l3l3l1&npa=0&dma=0&tag_exp=0&cid=1100413091.1721421450&ul=en-us&sr=1280x720&uaa=x86&uamb=0&uam=&uap=Windows&uapv=10.0&uaw=0&frm=0&pscdl=noapi&_s=1&sid=1721421449&sct=1&seg=0&dl=https%3A%2F%2Fwww.mediafire.com%2Fdownload_repair.php%3Fflag%3D9%26dkey%3Dx4lw8p3316ugR2u52XkMiF3mLXmyAHMDPwKY8NfbCGOAz4xQFHxw8QE20WvIPIE8EPzy1BEFL3slKqTGxUZRQ8xVQe7tByQq5ipm%252DbgmBJio8o13pWQK9KzsTTU915X%252D9y5YgYbQIKFMwX4A0ajUgJB9MGKcppTD4wo1KF1iYr3B%252Dw%26qkey%3Dvehz5gm393ydtoz%26ip%3D194%252E110%252E13%252E70&dt=File%20sharing%20and%20storage%20made%20simple&en=page_view&_fv=1&_nsi=1&_ss=1&up.page_url=https%3A%2F%2Fwww.mediafire.com%2Fdownload_repair.php%3Fflag%3D9%26dkey%3Dx4lw8p3316ugR2u52XkMiF3mLXmyAHMDPwKY8NfbCGOAz4xQFHxw8QE20WvIPIE8EPzy1BEFL3slKqTGxUZRQ8xVQe7tByQq5ipm%252DbgmBJio8o13pWQK9KzsTTU915X%252D9y5YgYbQIKFMwX4A0ajUgJB9MGKcppTD4wo1KF1iYr3B%252Dw%26qkey%3Dvehz5gm393ydtoz%26ip%3D194%252E110%252E13%252E70&tfd=3000&_z=fetch HTTP/2.0
host: region1.analytics.google.com
content-length: 0
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: https://www.mediafire.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
POST

https://stats.g.doubleclick.net/g/collect?v=2&tid=G-K68XP6D85D&cid=1100413091.1721421450&gtm=45je47h0v887485693z86304663za200zb6304663&aip=1&dma=0&gcd=13l3l3l3l1&npa=0&frm=0

msedge.exe

Remote address:

74.125.71.156:443

Request

POST /g/collect?v=2&tid=G-K68XP6D85D&cid=1100413091.1721421450&gtm=45je47h0v887485693z86304663za200zb6304663&aip=1&dma=0&gcd=13l3l3l3l1&npa=0&frm=0 HTTP/2.0
host: stats.g.doubleclick.net
content-length: 0
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://www.mediafire.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://www.google.co.uk/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-K68XP6D85D&cid=1100413091.1721421450&gtm=45je47h0v887485693z86304663za200zb6304663&aip=1&dma=0&gcd=13l3l3l3l1&npa=0&frm=0&z=568737169

msedge.exe

Remote address:

172.217.20.163:443

Request

GET /ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-K68XP6D85D&cid=1100413091.1721421450&gtm=45je47h0v887485693z86304663za200zb6304663&aip=1&dma=0&gcd=13l3l3l3l1&npa=0&frm=0&z=568737169 HTTP/2.0
host: www.google.co.uk
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=dd4cfd9abf13428982f2c69b08236484&localId=w:7644E81C-AD49-10CC-B943-5E44723BEB42&deviceId=6896204247012457&anid=

Remote address:

204.79.197.237:443

Request

GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=dd4cfd9abf13428982f2c69b08236484&localId=w:7644E81C-AD49-10CC-B943-5E44723BEB42&deviceId=6896204247012457&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=238BAE1A79B7619D0E28BADB785760B6; domain=.bing.com; expires=Wed, 13-Aug-2025 20:37:31 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: BDEBBA89EE1A47858C8CC39F66892B53 Ref B: LON04EDGE1111 Ref C: 2024-07-19T20:37:31Z
date: Fri, 19 Jul 2024 20:37:30 GMT
GET

https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=dd4cfd9abf13428982f2c69b08236484&localId=w:7644E81C-AD49-10CC-B943-5E44723BEB42&deviceId=6896204247012457&anid=

Remote address:

204.79.197.237:443

Request

GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=dd4cfd9abf13428982f2c69b08236484&localId=w:7644E81C-AD49-10CC-B943-5E44723BEB42&deviceId=6896204247012457&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=238BAE1A79B7619D0E28BADB785760B6

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MSPTC=91Q49KRjCCJtKZxQo4dPabt4K-RhfvTXPqHtr4NyRww; domain=.bing.com; expires=Wed, 13-Aug-2025 20:37:31 GMT; path=/; Partitioned; secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 45AEA77F5D9949428CBA61551D541B46 Ref B: LON04EDGE1111 Ref C: 2024-07-19T20:37:31Z
date: Fri, 19 Jul 2024 20:37:30 GMT
GET

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=dd4cfd9abf13428982f2c69b08236484&localId=w:7644E81C-AD49-10CC-B943-5E44723BEB42&deviceId=6896204247012457&anid=

Remote address:

204.79.197.237:443

Request

GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=dd4cfd9abf13428982f2c69b08236484&localId=w:7644E81C-AD49-10CC-B943-5E44723BEB42&deviceId=6896204247012457&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=238BAE1A79B7619D0E28BADB785760B6; MSPTC=91Q49KRjCCJtKZxQo4dPabt4K-RhfvTXPqHtr4NyRww

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 56F01821789844EAA58A11DB6C75E6ED Ref B: LON04EDGE1111 Ref C: 2024-07-19T20:37:31Z
date: Fri, 19 Jul 2024 20:37:31 GMT
DNS

translate-pa.googleapis.com

msedge.exe

Remote address:

8.8.8.8:53

Request

translate-pa.googleapis.com

IN A

Response

translate-pa.googleapis.com

IN A

142.250.179.106

translate-pa.googleapis.com

IN A

142.250.179.74

translate-pa.googleapis.com

IN A

142.250.178.138

translate-pa.googleapis.com

IN A

216.58.214.170

translate-pa.googleapis.com

IN A

172.217.20.170

translate-pa.googleapis.com

IN A

216.58.215.42

translate-pa.googleapis.com

IN A

142.250.201.170

translate-pa.googleapis.com

IN A

216.58.214.74

translate-pa.googleapis.com

IN A

142.250.74.234

translate-pa.googleapis.com

IN A

172.217.20.202

translate-pa.googleapis.com

IN A

142.250.75.234

translate-pa.googleapis.com

IN A

216.58.213.74
DNS

36.34.239.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

36.34.239.216.in-addr.arpa

IN PTR

Response
DNS

30.106.166.35.in-addr.arpa

Remote address:

8.8.8.8:53

Request

30.106.166.35.in-addr.arpa

IN PTR

Response

30.106.166.35.in-addr.arpa

IN PTR

ec2-35-166-106-30 us-west-2compute amazonawscom
DNS

163.20.217.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

163.20.217.172.in-addr.arpa

IN PTR

Response

163.20.217.172.in-addr.arpa

IN PTR

par10s49-in-f31e100net

163.20.217.172.in-addr.arpa

IN PTR

waw02s07-in-f3�H

163.20.217.172.in-addr.arpa

IN PTR

waw02s07-in-f163�H
DNS

156.71.125.74.in-addr.arpa

Remote address:

8.8.8.8:53

Request

156.71.125.74.in-addr.arpa

IN PTR

Response

156.71.125.74.in-addr.arpa

IN PTR

wn-in-f1561e100net
DNS

237.197.79.204.in-addr.arpa

Remote address:

8.8.8.8:53

Request

237.197.79.204.in-addr.arpa

IN PTR

Response
DNS

88.156.103.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

88.156.103.20.in-addr.arpa

IN PTR

Response
DNS

the.gatekeeperconsent.com

msedge.exe

Remote address:

8.8.8.8:53

Request

the.gatekeeperconsent.com

IN A

Response

the.gatekeeperconsent.com

IN A

104.21.42.32

the.gatekeeperconsent.com

IN A

172.67.199.186
GET

https://the.gatekeeperconsent.com/cmp.min.js

msedge.exe

Remote address:

104.21.42.32:443

Request

GET /cmp.min.js HTTP/2.0
host: the.gatekeeperconsent.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Fri, 19 Jul 2024 20:37:37 GMT
content-type: application/javascript
cache-control: public, max-age=14400
content-encoding: gzip
vary: Accept-Encoding
x-middleton-display: sol-js
x-robots-tag: noindex
last-modified: Fri, 19 Jul 2024 20:28:21 GMT
cf-cache-status: HIT
age: 300
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hldLa%2BfV8PTYxZJWPJ9Kx0dVRqCLbZ%2BERdS3cgWY%2BY1YkaXvoei5C1FNngFxgMnCb9WTUrCeYlKf1Vc14xGlzBXMNpa9kdiPo2rzpDqvPF3cGfjqQ7FsbJ%2FxGgIr5xbBPdM4NW5pL7cv11VF"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8a5d82adf9a463d7-LHR
alt-svc: h3=":443"; ma=86400
GET

https://the.gatekeeperconsent.com/v2/cmp.js?v=230

msedge.exe

Remote address:

104.21.42.32:443

Request

GET /v2/cmp.js?v=230 HTTP/2.0
host: the.gatekeeperconsent.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Fri, 19 Jul 2024 20:37:37 GMT
content-type: text/javascript; charset=utf-8
cache-control: public, max-age=15780000
cf-bgj: minify
last-modified: Mon, 08 Jul 2024 21:40:37 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 259739
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oGiQyES6GXidCTDl4i8Qzx7KANv4qG%2FeDnhG0hj9sSPNBMbx9ZpZ06mZxebypK31sLwlLT%2FoqHZQhuNAGz1L4RbGzMhAsEZHQbRR5IACr48GAtfmDRlVk3ml8Lbprda1l3ItjofDiT3wJsQ%2B"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8a5d82afcb6363d7-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://privacy.gatekeeperconsent.com/tcf2_stub.js

msedge.exe

Remote address:

104.21.42.32:443

Request

GET /tcf2_stub.js HTTP/2.0
host: privacy.gatekeeperconsent.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Fri, 19 Jul 2024 20:37:37 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=15780000, public
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=N5EUWFmD7OeNanm0uYZhTwK9FTD6eN1MJxlv%2B4SwRUVNisND%2F4JD5gY9ZCxM0C31CnB5qPa1l1lCZ2kh57nHnNoA87Rq12sl8DgENXICXgfU849Ou4bZeYUtqe3lyWYkuW6YYzbnXUVb%2BZRrmshE1Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8a5d82afcb6563d7-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
DNS

btloader.com

msedge.exe

Remote address:

8.8.8.8:53

Request

btloader.com

IN A

Response

btloader.com

IN A

172.67.41.60

btloader.com

IN A

104.22.74.216

btloader.com

IN A

104.22.75.216
GET

https://btloader.com/tag?o=5678961798414336&upapi=true

msedge.exe

Remote address:

172.67.41.60:443

Request

GET /tag?o=5678961798414336&upapi=true HTTP/2.0
host: btloader.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Fri, 19 Jul 2024 20:37:37 GMT
content-type: application/javascript
content-length: 18662
cache-control: public, max-age=300, must-revalidate, stale-if-error=3600, stale-while-revalidate=300
content-encoding: gzip
etag: "3bb74955f43ba0d7d82596df73442e0c"
last-modified: Fri, 19 Jul 2024 20:26:07 GMT
vary: Origin, Accept-Encoding
via: 1.1 google
cf-cache-status: HIT
age: 645
accept-ranges: bytes
server: cloudflare
cf-ray: 8a5d82ae5d206412-LHR
DNS

www.ezojs.com

msedge.exe

Remote address:

8.8.8.8:53

Request

www.ezojs.com

IN A

Response

www.ezojs.com

IN CNAME

www.ezojs.com.cdn.cloudflare.net

www.ezojs.com.cdn.cloudflare.net

IN A

104.21.63.106

www.ezojs.com.cdn.cloudflare.net

IN A

172.67.170.144
DNS

privacy.gatekeeperconsent.com

msedge.exe

Remote address:

8.8.8.8:53

Request

privacy.gatekeeperconsent.com

IN A

Response

privacy.gatekeeperconsent.com

IN A

172.67.199.186

privacy.gatekeeperconsent.com

IN A

104.21.42.32
GET

https://www.ezojs.com/ezoic/sa.min.js

msedge.exe

Remote address:

104.21.63.106:443

Request

GET /ezoic/sa.min.js HTTP/2.0
host: www.ezojs.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Fri, 19 Jul 2024 20:37:37 GMT
content-type: application/javascript
cache-control: max-age=600, public
content-encoding: gzip
etag: W/"d2e91b0683e591be6fa0b8a764a98a2e"
vary: Accept-Encoding
x-middleton-display: sol-js
x-robots-tag: noindex
cf-cache-status: HIT
age: 439
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iFQhxzJFyNPPKz5ZhvBHEYDw%2FRZwXCJJUCUT%2Bm8RLNF27NTepvQnB4LXN9%2BsznbzinwvzR3NACJ4UXNkgvjQOZ4UUe4d%2Bled5ca3MEnkJFA%2F5qKk0HFaYg2gUu99kfDb"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8a5d82aeea38956b-LHR
alt-svc: h3=":443"; ma=86400
GET

https://privacy.gatekeeperconsent.com/consent_modules.json

msedge.exe

Remote address:

172.67.199.186:443

Request

GET /consent_modules.json HTTP/2.0
host: privacy.gatekeeperconsent.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: https://www.mediafire.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Fri, 19 Jul 2024 20:37:37 GMT
content-type: application/json;charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=15780000, public
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JxH%2BR4Fx1b%2BDQFUQ4U9IZ7UwLlobDCx0ytatHyh0OnPOC2UJdrFoBLRXmYjOETfWjYnY4PZAbxl1nJB%2Fg20YiAvnSdkRwAt1RT1eMhB1bqpzNbupB4uRlZBuL9xmu57LnRv%2F4nvhjmifT1lYwXaN6g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8a5d82af2cac94ff-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://the.gatekeeperconsent.com/v2/config.json?domain=www.mediafire.com&changeLogId=0&cb=0

msedge.exe

Remote address:

172.67.199.186:443

Request

GET /v2/config.json?domain=www.mediafire.com&changeLogId=0&cb=0 HTTP/2.0
host: the.gatekeeperconsent.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: https://www.mediafire.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Fri, 19 Jul 2024 20:37:38 GMT
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=3600, public
content-encoding: gzip
content-security-policy: default-src 'none'
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: deny
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lsdy1yGKtL3w2CT0I4mwo6U5plX0t59RVhLmF1CWkI%2Fic3NkOgA00r3V2q2Y753Q%2BPEDM7PmymLF8G%2BK0q1WARx7tvBJpPeAmjBGwEeHk2o8Nv0DLsoNPvW2jSqFJIuELu2YksR8IuTia5UO"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8a5d82b13fa394ff-LHR
alt-svc: h3=":443"; ma=86400
GET

https://the.gatekeeperconsent.com/cmp/gvl.json?v=9&lang=en

msedge.exe

Remote address:

172.67.199.186:443

Request

GET /cmp/gvl.json?v=9&lang=en HTTP/2.0
host: the.gatekeeperconsent.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: https://www.mediafire.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Fri, 19 Jul 2024 20:37:38 GMT
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=345600
content-encoding: gzip
last-modified: Tue, 16 Jul 2024 20:28:38 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 259732
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fclZYmKtvNt%2BFZhaWPF2q49%2Fp51yxZndk4TpZkZYr3dHH3%2Bs52o7SJ%2BLajqYqk9WmzzaYqoMwvy7%2BeMHuYDQ5KQimdy9LTRbmhshfxEd7Fs72EVVbqmHTq3G%2BtoPSdQmA4WIbOMVftDTtgBk"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8a5d82b1a87194ff-LHR
alt-svc: h3=":443"; ma=86400
OPTIONS

https://the.gatekeeperconsent.com/cmp/v2/main_modal_firstpage?domain=www.mediafire.com&region=default&lang=en-US&cb=231&changeLogId=593543

msedge.exe

Remote address:

172.67.199.186:443

Request

OPTIONS /cmp/v2/main_modal_firstpage?domain=www.mediafire.com&region=default&lang=en-US&cb=231&changeLogId=593543 HTTP/2.0
host: the.gatekeeperconsent.com
accept: */*
access-control-request-method: GET
access-control-request-headers: content-type
origin: https://www.mediafire.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-fetch-mode: cors
sec-fetch-site: cross-site
sec-fetch-dest: empty
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Fri, 19 Jul 2024 20:37:38 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET, POST, PUT, OPTIONS
access-control-allow-origin: https://www.mediafire.com
access-control-max-age: 1728000
vary: Accept-Encoding,Origin,Access-Control-Request-Method,Access-Control-Request-Headers
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aMGenxFQOeJ79ZrMCWpCbckIkPzAABNuT4aYq8AdHmiJJvaiJWEbPKIcqroOdPbLX%2BvRBSjpXKzp6psV4aOaxk37jCnLCOZzUFLLHQYGWMaxNXz9RUeiF4GITLpfsjgMGu8vwLHmBQiDzWjF"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8a5d82b2594694ff-LHR
alt-svc: h3=":443"; ma=86400
GET

https://the.gatekeeperconsent.com/cmp/v2/main_modal_firstpage?domain=www.mediafire.com&region=default&lang=en-US&cb=231&changeLogId=593543

msedge.exe

Remote address:

172.67.199.186:443

Request

GET /cmp/v2/main_modal_firstpage?domain=www.mediafire.com&region=default&lang=en-US&cb=231&changeLogId=593543 HTTP/2.0
host: the.gatekeeperconsent.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: application/json
accept: */*
origin: https://www.mediafire.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Fri, 19 Jul 2024 20:37:38 GMT
content-type: text/html; charset=utf-8
access-control-allow-credentials: true
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, POST, PUT, OPTIONS
access-control-allow-origin: https://www.mediafire.com
access-control-max-age: 1728000
cache-control: public, max-age=2592000
vary: Accept-Encoding,Origin,Access-Control-Request-Method,Access-Control-Request-Headers
last-modified: Tue, 16 Jul 2024 20:28:45 GMT
cf-cache-status: HIT
age: 259688
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=w6O9JuUG%2B9kX0iqRmkRnmjcJOgZrhuXsrjqtbN9lqYcuUZu0UNjtMhUYHZTzitfbw6q4t1PCkg2vk84Sw0x%2BY8AE7tMCn2PLvoIZw69GKWiArR1BDOzl0DA6bPiJw5cJ9hCcmPeeIJ%2FGNl3U"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8a5d82b2999b94ff-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
DNS

cdn.otnolatrnup.com

msedge.exe

Remote address:

8.8.8.8:53

Request

cdn.otnolatrnup.com

IN A

Response

cdn.otnolatrnup.com

IN A

104.16.52.110

cdn.otnolatrnup.com

IN A

104.16.53.110
DNS

ad-delivery.net

msedge.exe

Remote address:

8.8.8.8:53

Request

ad-delivery.net

IN A

Response

ad-delivery.net

IN A

104.26.2.70

ad-delivery.net

IN A

104.26.3.70

ad-delivery.net

IN A

172.67.69.19
DNS

api.btloader.com

msedge.exe

Remote address:

8.8.8.8:53

Request

api.btloader.com

IN A

Response

api.btloader.com

IN A

130.211.23.194
GET

https://cdn.otnolatrnup.com/Scripts/infinity.js.aspx?guid=5ff0fb62-0643-4ff1-aaee-c737f9ffc0e0

msedge.exe

Remote address:

104.16.52.110:443

Request

GET /Scripts/infinity.js.aspx?guid=5ff0fb62-0643-4ff1-aaee-c737f9ffc0e0 HTTP/2.0
host: cdn.otnolatrnup.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Fri, 19 Jul 2024 20:37:37 GMT
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, no-transform, max-age=900
content-encoding: gzip
p3p: CP="CAO PSA OUR IND"
access-control-allow-origin: *
last-modified: Fri, 19 Jul 2024 20:34:29 GMT
cf-cache-status: HIT
age: 17
server: cloudflare
cf-ray: 8a5d82b02ec594d3-LHR
alt-svc: h3=":443"; ma=86400
GET

https://otnolatrnup.com/Tag.engine?time=0&id=5ff0fb62-0643-4ff1-aaee-c737f9ffc0e0&rand=62020&ver=async&referrerUrl=https%3A%2F%2Fwww.mediafire.com%2Fdownload_repair.php%3Fflag%3D9%26dkey%3Dx4lw8p3316ugR2u52XkMiF3mLXmyAHMDPwKY8NfbCGOAz4xQFHxw8QE20WvIPIE8EPzy1BEFL3slKqTGxUZRQ8xVQe7tByQq5ipm%252DbgmBJio8o13pWQK9KzsTTU915X%252D9y5YgYbQIKFMwX4A0ajUgJB9MGKcppTD4wo1KF1iYr3B%252Dw%26qkey%3Dvehz5gm393ydtoz%26ip%3D194%252E110%252E13%252E70&fingerPrint=123&abr=false&stdTime=0&fpe=1&bw=1280&bh=609&res=1280x720&curl=https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fvehz5gm393ydtoz%2Fnitrogen.zip&kw=online%20storage%2Cfree%20storage%2Ccloud%20storage%2Ccollaboration%2Cbackup%20file%20sharing%2Cshare%20files%2Cphoto%20backup%2Cphoto%20sharing%2Cftp%20replacement%2Ccross%20platform%2Cremote%20access%2Cmobile%20access%2Csend%20large%20files%2Crecover%20files%2Cfile%20versioning%2Cundelete%2Cwindows%2Cpc%2Cmac%2Cos%20x%2Clinux%2Ciphone

msedge.exe

Remote address:

104.16.52.110:443

Request

GET /Tag.engine?time=0&id=5ff0fb62-0643-4ff1-aaee-c737f9ffc0e0&rand=62020&ver=async&referrerUrl=https%3A%2F%2Fwww.mediafire.com%2Fdownload_repair.php%3Fflag%3D9%26dkey%3Dx4lw8p3316ugR2u52XkMiF3mLXmyAHMDPwKY8NfbCGOAz4xQFHxw8QE20WvIPIE8EPzy1BEFL3slKqTGxUZRQ8xVQe7tByQq5ipm%252DbgmBJio8o13pWQK9KzsTTU915X%252D9y5YgYbQIKFMwX4A0ajUgJB9MGKcppTD4wo1KF1iYr3B%252Dw%26qkey%3Dvehz5gm393ydtoz%26ip%3D194%252E110%252E13%252E70&fingerPrint=123&abr=false&stdTime=0&fpe=1&bw=1280&bh=609&res=1280x720&curl=https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fvehz5gm393ydtoz%2Fnitrogen.zip&kw=online%20storage%2Cfree%20storage%2Ccloud%20storage%2Ccollaboration%2Cbackup%20file%20sharing%2Cshare%20files%2Cphoto%20backup%2Cphoto%20sharing%2Cftp%20replacement%2Ccross%20platform%2Cremote%20access%2Cmobile%20access%2Csend%20large%20files%2Crecover%20files%2Cfile%20versioning%2Cundelete%2Cwindows%2Cpc%2Cmac%2Cos%20x%2Clinux%2Ciphone HTTP/2.0
host: otnolatrnup.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Fri, 19 Jul 2024 20:37:38 GMT
content-type: application/json; charset=utf-8
accept-ch: Sec-CH-UA,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version
vary: Accept-Encoding
cache-control: private, no-transform
content-encoding: gzip
p3p: CP="CAO PSA OUR IND"
access-control-allow-origin: *
set-cookie: IKSR={}; path=/; SameSite=None; secure
set-cookie: __INF_CC=; expires=Tue, 09-Jul-2024 20:37:38 GMT; path=/
set-cookie: INF_DFL8=false; path=/; SameSite=None; secure
set-cookie: IUID=1eaffedd-d7fd-430e-99d3-f317f95ae1c0; expires=Wed, 19-Jul-2034 20:37:38 GMT; path=/; SameSite=None; secure
set-cookie: ISSH=74C0D1; path=/; SameSite=None; secure
set-cookie: VMI=; path=/; SameSite=None; secure
set-cookie: CHN=#[]; expires=Wed, 19-Jul-2034 20:37:38 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: MSSH=#{}; expires=Wed, 19-Jul-2034 20:37:38 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: MSRH=#{}; expires=Wed, 19-Jul-2034 20:37:38 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: ILP={"Profile":{"Audiences":{"Audience":[],"ThirdPartyAudience":[]}},"CreatedDate":"2024-07-19T20:37:38.2553772Z"}; expires=Wed, 19-Jul-2034 20:37:38 GMT; path=/; SameSite=None; secure
set-cookie: ILPLU=#7/19/2024 8:37:38 PM; expires=Wed, 19-Jul-2034 20:37:38 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: ILEALC=#7/19/2024 8:37:38 PM; expires=Wed, 19-Jul-2034 20:37:38 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: ILMPF=#True; expires=Sat, 20-Jul-2024 00:37:38 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: IPMPLU=#1/1/0001 12:00:00 AM; expires=Wed, 19-Jul-2034 20:37:38 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: IPMUID=#; expires=Wed, 19-Jul-2034 20:37:38 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: BSWUID=#; expires=Wed, 19-Jul-2034 20:37:38 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: IKSR={}; path=/; SameSite=None; secure
set-cookie: IBL=#[]; expires=Wed, 19-Jul-2034 20:37:38 GMT; path=/; SameSite=None; secure
set-cookie: IOPT=#[]; expires=Wed, 19-Jul-2034 20:37:38 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: ISH=#{"101":[{"SId":"74C0D1","D":"24/7/19T13:37:38"}]}; expires=Wed, 19-Jul-2034 20:37:38 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: ISH_Q=#[101]; expires=Wed, 19-Jul-2034 20:37:38 GMT; path=/; SameSite=None; secure; HttpOnly
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 8a5d82b1881f94d3-LHR
alt-svc: h3=":443"; ma=86400
GET

https://otnolatrnup.com/fp.engine?id=5ff0fb62-0643-4ff1-aaee-c737f9ffc0e0&rand=33492&ver=async&time=0&referrerUrl=https%3A%2F%2Fwww.mediafire.com%2Fdownload_repair.php%3Fflag%3D9%26dkey%3Dx4lw8p3316ugR2u52XkMiF3mLXmyAHMDPwKY8NfbCGOAz4xQFHxw8QE20WvIPIE8EPzy1BEFL3slKqTGxUZRQ8xVQe7tByQq5ipm%252DbgmBJio8o13pWQK9KzsTTU915X%252D9y5YgYbQIKFMwX4A0ajUgJB9MGKcppTD4wo1KF1iYr3B%252Dw%26qkey%3Dvehz5gm393ydtoz%26ip%3D194%252E110%252E13%252E70&subId=&tid=&abr=false&res=1280x720&stdTime=0&fpe=1&curl=https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fvehz5gm393ydtoz%2Fnitrogen.zip&kw=online%20storage%2Cfree%20storage%2Ccloud%20storage%2Ccollaboration%2Cbackup%20file%20sharing%2Cshare%20files%2Cphoto%20backup%2Cphoto%20sharing%2Cftp%20replacement%2Ccross%20platform%2Cremote%20access%2Cmobile%20access%2Csend%20large%20files%2Crecover%20files%2Cfile%20versioning%2Cundelete%2Cwindows%2Cpc%2Cmac%2Cos%20x%2Clinux%2Ciphone&spt=1

msedge.exe

Remote address:

104.16.52.110:443

Request

GET /fp.engine?id=5ff0fb62-0643-4ff1-aaee-c737f9ffc0e0&rand=33492&ver=async&time=0&referrerUrl=https%3A%2F%2Fwww.mediafire.com%2Fdownload_repair.php%3Fflag%3D9%26dkey%3Dx4lw8p3316ugR2u52XkMiF3mLXmyAHMDPwKY8NfbCGOAz4xQFHxw8QE20WvIPIE8EPzy1BEFL3slKqTGxUZRQ8xVQe7tByQq5ipm%252DbgmBJio8o13pWQK9KzsTTU915X%252D9y5YgYbQIKFMwX4A0ajUgJB9MGKcppTD4wo1KF1iYr3B%252Dw%26qkey%3Dvehz5gm393ydtoz%26ip%3D194%252E110%252E13%252E70&subId=&tid=&abr=false&res=1280x720&stdTime=0&fpe=1&curl=https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fvehz5gm393ydtoz%2Fnitrogen.zip&kw=online%20storage%2Cfree%20storage%2Ccloud%20storage%2Ccollaboration%2Cbackup%20file%20sharing%2Cshare%20files%2Cphoto%20backup%2Cphoto%20sharing%2Cftp%20replacement%2Ccross%20platform%2Cremote%20access%2Cmobile%20access%2Csend%20large%20files%2Crecover%20files%2Cfile%20versioning%2Cundelete%2Cwindows%2Cpc%2Cmac%2Cos%20x%2Clinux%2Ciphone&spt=1 HTTP/2.0
host: otnolatrnup.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: INF_DFL8=false
cookie: IUID=1eaffedd-d7fd-430e-99d3-f317f95ae1c0
cookie: ISSH=74C0D1
cookie: VMI=
cookie: CHN=#[]
cookie: MSSH=#{}
cookie: MSRH=#{}
cookie: ILP={"Profile":{"Audiences":{"Audience":[],"ThirdPartyAudience":[]}},"CreatedDate":"2024-07-19T20:37:38.2553772Z"}
cookie: IKSR={}
cookie: ILPLU=#7/19/2024 8:37:38 PM
cookie: ILEALC=#7/19/2024 8:37:38 PM
cookie: ILMPF=#True
cookie: IPMPLU=#1/1/0001 12:00:00 AM
cookie: IPMUID=#
cookie: BSWUID=#
cookie: IBL=#[]
cookie: IOPT=#[]
cookie: ISH=#{"101":[{"SId":"74C0D1","D":"24/7/19T13:37:38"}]}
cookie: ISH_Q=#[101]

Response

HTTP/2.0 200

date: Fri, 19 Jul 2024 20:37:42 GMT
content-type: text/html; charset=utf-8
accept-ch: Sec-CH-UA,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version
vary: Accept-Encoding
cache-control: private, no-transform
content-encoding: gzip
p3p: CP="CAO PSA OUR IND"
access-control-allow-origin: *
set-cookie: IKSR={}; path=/; SameSite=None; secure
set-cookie: INF_DFL8=false; path=/; SameSite=None; secure
set-cookie: IUID=1eaffedd-d7fd-430e-99d3-f317f95ae1c0; expires=Wed, 19-Jul-2034 20:37:42 GMT; path=/; SameSite=None; secure
set-cookie: ISSH=74C0D1; path=/; SameSite=None; secure
set-cookie: VMI=; path=/; SameSite=None; secure
set-cookie: IPLH=#{}; expires=Wed, 19-Jul-2034 20:37:42 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: IPLH_Q=#[]; expires=Wed, 19-Jul-2034 20:37:42 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: CHN=#[]; expires=Wed, 19-Jul-2034 20:37:42 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: MSSH=#{}; expires=Wed, 19-Jul-2034 20:37:42 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: MSRH=#{}; expires=Wed, 19-Jul-2034 20:37:42 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: ILP={"Profile":{"Audiences":{"Audience":[],"ThirdPartyAudience":[]}},"CreatedDate":"2024-07-19T20:37:38.2553772Z"}; expires=Wed, 19-Jul-2034 20:37:42 GMT; path=/; SameSite=None; secure
set-cookie: ILPLU=#7/19/2024 8:37:38 PM; expires=Wed, 19-Jul-2034 20:37:42 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: ILEALC=#7/19/2024 8:37:38 PM; expires=Wed, 19-Jul-2034 20:37:42 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: ILMPF=#True; expires=Sat, 20-Jul-2024 00:37:42 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: IPMPLU=#1/1/0001 12:00:00 AM; expires=Wed, 19-Jul-2034 20:37:42 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: IPMUID=#; expires=Wed, 19-Jul-2034 20:37:42 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: BSWUID=#; expires=Wed, 19-Jul-2034 20:37:42 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: IKSR={}; path=/; SameSite=None; secure
set-cookie: IBL=#[]; expires=Wed, 19-Jul-2034 20:37:42 GMT; path=/; SameSite=None; secure
set-cookie: IOPT=#[]; expires=Wed, 19-Jul-2034 20:37:42 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: IPLSH=#{}; expires=Wed, 19-Jul-2034 20:37:42 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: IPLSH_Q=#[]; expires=Wed, 19-Jul-2034 20:37:42 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: IZH=#{}; expires=Wed, 19-Jul-2034 20:37:42 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: IZH_Q=#[]; expires=Wed, 19-Jul-2034 20:37:42 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: IMCH=#{}; expires=Wed, 19-Jul-2034 20:37:42 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: IMCH_Q=#[]; expires=Wed, 19-Jul-2034 20:37:42 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: IMH=#{}; expires=Wed, 19-Jul-2034 20:37:42 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: IMH_Q=#[]; expires=Wed, 19-Jul-2034 20:37:42 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: ISH=#{"101":[{"SId":"74C0D1","D":"24/7/19T13:37:38"}]}; expires=Wed, 19-Jul-2034 20:37:42 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: ISH_Q=#[101]; expires=Wed, 19-Jul-2034 20:37:42 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: ISPH=#{}; expires=Wed, 19-Jul-2034 20:37:42 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: ISPH_Q=#[]; expires=Wed, 19-Jul-2034 20:37:42 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: ICH=#{}; expires=Wed, 19-Jul-2034 20:37:42 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: ICH_Q=#[]; expires=Wed, 19-Jul-2034 20:37:42 GMT; path=/; SameSite=None; secure; HttpOnly
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 8a5d82cc8b9a94d3-LHR
alt-svc: h3=":443"; ma=86400
GET

https://otnolatrnup.com/Redirect.eng?MediaSegmentId=88101&dcid=1_ctx_d4ddd617-25ed-47ca-ad38-cebbb35e950c&vmId=00000000-0000-0000-0000-000000000000&abr=false&timeZoneOffset=0&dst=False&v=W2Uj58SzulJXrWKbJq2lEXM75hNzb56NGW-zeNRjoNyKWGUVgmhD9Q0pZxT7cxoZvg3JMaQEexvYhGfhHiv7kLDDBBaZAzOIC1pFfpmDjnhc8cKCFAWTpKA48CfvdK342FOoKh_XXiCzdz1T00T2asbJ9pyLDRVS3z_7BotHbVLpqZIg2zLJflgS2c-YBCzwCEYYM73oSDQwKWNPF2XAyOMKjxs0YnHErPju3n_IR7cALtlzZG1AR4E2AMqsPVvS6SJ7QqtSiLm-Ir3aLVnAbyNFx-FcBKHh1-hTvAcKoOpV8D1cSFoc2wb2XotQso5i9NEBP44EMN5NKY5rKO7y9W1jLOWal2PfhWnb1c27DpQTxNkYaT_Eb-86snMfoZ0yNSVkOclih0Wg1TEpk7AcYjahAlWYTlH1Kl4aFpTVChKF1v12qpMPqAoM41aHUwmndk73jY7M1aOD3hppmGgAs8ncWS3Ul7oVDHOxRkQIlmF-uqpdae78nMkEThmMshzZIXMtEm8Gaqzuq6iQzz19XO0kYw64tdwUb3WFunuZw_UuvJjNqJZR4VGmfayHcRPAL2xQ7fMUpFdfsB9qyon31yqu7FYv1YBJ9V9qmX-WLu3BxDNf01nW9f_VRe0UCI3TpKq4UFOix_8LiF0s7UL_VDne4Xbt-rEXhzSyuzzwzPocOcdTlYH2ioaAkzIr2NNvqMriUXQkV_DiBj5W2Gybc1u0cBQqaxWQ91Q-zHt8xGYVW5wz69qNKZnkA85Ci30DT05e6T-DnfeMpsW42KWzWVOe2gO-NNBi929Vve1359xy0jkSh6cIZaYngM-NsNP7gOjQ7C10IDpguiKYjNeim63dcCleIlYgqATmBJDfFfO78X3eJuvFmctnLyHm0cTrG1qA6XE9DKMRmtVXH-Rp93ZCG8jkncC_jseHyFmiTyvGors_zrQVerLmwfs-KCNHajPiaX_EDc580YyVbA4lZ4J-Pivq5giZsuvX_ZsN-rU5NcV4c5j2Nr2QDX6rrJQTh2aj_ZJVPle2TX7PUbfkMQsy3vSfCc2zzpH0FXTuoimFNAMMSK9aIf3rl7Ck1U7yPe_ExGxqT0dNs0xQbr-QiQ2&kw=online+storage%2Cfree+storage%2Ccloud+storage%2Ccollaboration%2Cbackup+file+sharing%2Cshare+files%2Cphoto+backup%2Cphoto+sharing%2Cftp+replacement%2Ccross+platform%2Cremote+access%2Cmobile+access%2Csend+large+files%2Crecover+files%2Cfile+versioning%2Cundelete%2Cwindows%2Cpc%2Cmac%2Cos+x%2Clinux%2Ciphone&mw=1024&mh=768&at=&res=1280x720&spt=1&kw=online+storage%2cfree+storage%2ccloud+storage%2ccollaboration%2cbackup+file+sharing%2cshare+files%2cphoto+backup%2cphoto+sharing%2cftp+replacement%2ccross+platform%2cremote+access%2cmobile+access%2csend+large+files%2crecover+files%2cfile+versioning%2cundelete%2cwindows%2cpc%2cmac%2cos+x%2clinux%2ciphone

msedge.exe

Remote address:

104.16.52.110:443

Request

GET /Redirect.eng?MediaSegmentId=88101&dcid=1_ctx_d4ddd617-25ed-47ca-ad38-cebbb35e950c&vmId=00000000-0000-0000-0000-000000000000&abr=false&timeZoneOffset=0&dst=False&v=W2Uj58SzulJXrWKbJq2lEXM75hNzb56NGW-zeNRjoNyKWGUVgmhD9Q0pZxT7cxoZvg3JMaQEexvYhGfhHiv7kLDDBBaZAzOIC1pFfpmDjnhc8cKCFAWTpKA48CfvdK342FOoKh_XXiCzdz1T00T2asbJ9pyLDRVS3z_7BotHbVLpqZIg2zLJflgS2c-YBCzwCEYYM73oSDQwKWNPF2XAyOMKjxs0YnHErPju3n_IR7cALtlzZG1AR4E2AMqsPVvS6SJ7QqtSiLm-Ir3aLVnAbyNFx-FcBKHh1-hTvAcKoOpV8D1cSFoc2wb2XotQso5i9NEBP44EMN5NKY5rKO7y9W1jLOWal2PfhWnb1c27DpQTxNkYaT_Eb-86snMfoZ0yNSVkOclih0Wg1TEpk7AcYjahAlWYTlH1Kl4aFpTVChKF1v12qpMPqAoM41aHUwmndk73jY7M1aOD3hppmGgAs8ncWS3Ul7oVDHOxRkQIlmF-uqpdae78nMkEThmMshzZIXMtEm8Gaqzuq6iQzz19XO0kYw64tdwUb3WFunuZw_UuvJjNqJZR4VGmfayHcRPAL2xQ7fMUpFdfsB9qyon31yqu7FYv1YBJ9V9qmX-WLu3BxDNf01nW9f_VRe0UCI3TpKq4UFOix_8LiF0s7UL_VDne4Xbt-rEXhzSyuzzwzPocOcdTlYH2ioaAkzIr2NNvqMriUXQkV_DiBj5W2Gybc1u0cBQqaxWQ91Q-zHt8xGYVW5wz69qNKZnkA85Ci30DT05e6T-DnfeMpsW42KWzWVOe2gO-NNBi929Vve1359xy0jkSh6cIZaYngM-NsNP7gOjQ7C10IDpguiKYjNeim63dcCleIlYgqATmBJDfFfO78X3eJuvFmctnLyHm0cTrG1qA6XE9DKMRmtVXH-Rp93ZCG8jkncC_jseHyFmiTyvGors_zrQVerLmwfs-KCNHajPiaX_EDc580YyVbA4lZ4J-Pivq5giZsuvX_ZsN-rU5NcV4c5j2Nr2QDX6rrJQTh2aj_ZJVPle2TX7PUbfkMQsy3vSfCc2zzpH0FXTuoimFNAMMSK9aIf3rl7Ck1U7yPe_ExGxqT0dNs0xQbr-QiQ2&kw=online+storage%2Cfree+storage%2Ccloud+storage%2Ccollaboration%2Cbackup+file+sharing%2Cshare+files%2Cphoto+backup%2Cphoto+sharing%2Cftp+replacement%2Ccross+platform%2Cremote+access%2Cmobile+access%2Csend+large+files%2Crecover+files%2Cfile+versioning%2Cundelete%2Cwindows%2Cpc%2Cmac%2Cos+x%2Clinux%2Ciphone&mw=1024&mh=768&at=&res=1280x720&spt=1&kw=online+storage%2cfree+storage%2ccloud+storage%2ccollaboration%2cbackup+file+sharing%2cshare+files%2cphoto+backup%2cphoto+sharing%2cftp+replacement%2ccross+platform%2cremote+access%2cmobile+access%2csend+large+files%2crecover+files%2cfile+versioning%2cundelete%2cwindows%2cpc%2cmac%2cos+x%2clinux%2ciphone HTTP/2.0
host: otnolatrnup.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
sec-ch-ua-platform-version: "10.0"
sec-ch-ua-model: ""
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: document
referer: https://otnolatrnup.com/fp.engine?id=5ff0fb62-0643-4ff1-aaee-c737f9ffc0e0&rand=33492&ver=async&time=0&referrerUrl=https%3A%2F%2Fwww.mediafire.com%2Fdownload_repair.php%3Fflag%3D9%26dkey%3Dx4lw8p3316ugR2u52XkMiF3mLXmyAHMDPwKY8NfbCGOAz4xQFHxw8QE20WvIPIE8EPzy1BEFL3slKqTGxUZRQ8xVQe7tByQq5ipm%252DbgmBJio8o13pWQK9KzsTTU915X%252D9y5YgYbQIKFMwX4A0ajUgJB9MGKcppTD4wo1KF1iYr3B%252Dw%26qkey%3Dvehz5gm393ydtoz%26ip%3D194%252E110%252E13%252E70&subId=&tid=&abr=false&res=1280x720&stdTime=0&fpe=1&curl=https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fvehz5gm393ydtoz%2Fnitrogen.zip&kw=online%20storage%2Cfree%20storage%2Ccloud%20storage%2Ccollaboration%2Cbackup%20file%20sharing%2Cshare%20files%2Cphoto%20backup%2Cphoto%20sharing%2Cftp%20replacement%2Ccross%20platform%2Cremote%20access%2Cmobile%20access%2Csend%20large%20files%2Crecover%20files%2Cfile%20versioning%2Cundelete%2Cwindows%2Cpc%2Cmac%2Cos%20x%2Clinux%2Ciphone&spt=1
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: INF_DFL8=false
cookie: IUID=1eaffedd-d7fd-430e-99d3-f317f95ae1c0
cookie: ISSH=74C0D1
cookie: VMI=
cookie: IKSR={}
cookie: ILP={"Profile":{"Audiences":{"Audience":[],"ThirdPartyAudience":[]}},"CreatedDate":"2024-07-19T20:37:38.2553772Z"}
cookie: CHN=#[]
cookie: MSSH=#{}
cookie: MSRH=#{}
cookie: ILPLU=#7/19/2024 8:37:38 PM
cookie: ILEALC=#7/19/2024 8:37:38 PM
cookie: ILMPF=#True
cookie: IPMPLU=#1/1/0001 12:00:00 AM
cookie: IPMUID=#
cookie: BSWUID=#
cookie: IBL=#[]
cookie: IOPT=#[]
cookie: ISH=#{"101":[{"SId":"74C0D1","D":"24/7/19T13:37:38"}]}
cookie: ISH_Q=#[101]
cookie: IPLH_Q=#[]
cookie: IPLH=#{}
cookie: IPLSH=#{}
cookie: IPLSH_Q=#[]
cookie: IZH=#{}
cookie: IZH_Q=#[]
cookie: IMCH=#{}
cookie: IMCH_Q=#[]
cookie: IMH=#{}
cookie: IMH_Q=#[]
cookie: ISPH=#{}
cookie: ISPH_Q=#[]
cookie: ICH=#{}
cookie: ICH_Q=#[]

Response

HTTP/2.0 302

date: Fri, 19 Jul 2024 20:37:43 GMT
content-type: text/html; charset=utf-8
location: https://otnolatrnup.com/hideref.engine?d=https%3a%2f%2fworeppercomming.com%2f4fabb44a-878d-4024-bdef-2de07d973f5e%3fcampaignname%3d2_OperaGX%26placementname%3d2_OperaGX_UK_Win_101%26bid%3d5.75%26totalcpv%3d0.00575%26channel%3dFile%2bHosting%2b%2526%2bSharing%26subchannel%3dFile%2bHosting%2b%2526%2bSharing%26medianame%3dOperaGX_WW_9636%26keywords%3donline+storage%2cfree+storage%2ccloud+storage%2ccollaboration%2cbackup+file+sharing%2cshare+files%2cphoto+backup%2cphoto+sharing%2cftp+replacement%2ccross+platform%2cremote+access%2cmobile+access%2csend+large+files%2crecover+files%2cfile+versioning%2cundelete%2cwindows%2cpc%2cmac%2cos+x%2clinux%2ciphone%2conline+storage%2cfree+storage%2ccloud+storage%2ccollaboration%2cbackup+file+sharing%2cshare+files%2cphoto+backup%2cphoto+sharing%2cftp+replacement%2ccross+platform%2cremote+access%2cmobile+access%2csend+large+files%2crecover+files%2cfile+versioning%2cundelete%2cwindows%2cpc%2cmac%2cos+x%2clinux%2ciphone%26sourceid%3d101%26domainid%3d1%26cpv%3d0.00575%26s2sParam%3d56fe7864-39eb-4370-85c5-a83ca0f342e2
accept-ch: Sec-CH-UA,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version
vary: Accept-Encoding
cache-control: private, no-transform
content-encoding: gzip
p3p: CP="CAO PSA OUR IND"
access-control-allow-origin: *
set-cookie: IKSR={}; path=/; SameSite=None; secure
set-cookie: INF_DFL8=false; path=/; SameSite=None; secure
set-cookie: IUID=1eaffedd-d7fd-430e-99d3-f317f95ae1c0; expires=Wed, 19-Jul-2034 20:37:43 GMT; path=/; SameSite=None; secure
set-cookie: ISSH=74C0D1; path=/; SameSite=None; secure
set-cookie: VMI=00000000-0000-0000-0000-000000000000; path=/; SameSite=None; secure
set-cookie: IPLH=#{"96234":[{"SId":"74C0D1","D":"24/7/19T13:37:42"}]}; expires=Wed, 19-Jul-2034 20:37:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: IPLH_Q=#[96234]; expires=Wed, 19-Jul-2034 20:37:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: CHN=#[]; expires=Wed, 19-Jul-2034 20:37:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: MSSH=#{}; expires=Wed, 19-Jul-2034 20:37:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: MSRH=#{}; expires=Wed, 19-Jul-2034 20:37:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: ILP={"Profile":{"Audiences":{"Audience":[],"ThirdPartyAudience":[]}},"CreatedDate":"2024-07-19T20:37:38.2553772Z"}; expires=Wed, 19-Jul-2034 20:37:43 GMT; path=/; SameSite=None; secure
set-cookie: ILPLU=#7/19/2024 8:37:38 PM; expires=Wed, 19-Jul-2034 20:37:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: ILEALC=#7/19/2024 8:37:38 PM; expires=Wed, 19-Jul-2034 20:37:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: ILMPF=#True; expires=Sat, 20-Jul-2024 00:37:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: IPMPLU=#1/1/0001 12:00:00 AM; expires=Wed, 19-Jul-2034 20:37:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: IPMUID=#; expires=Wed, 19-Jul-2034 20:37:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: BSWUID=#; expires=Wed, 19-Jul-2034 20:37:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: IKSR={}; path=/; SameSite=None; secure
set-cookie: IBL=#[]; expires=Wed, 19-Jul-2034 20:37:43 GMT; path=/; SameSite=None; secure
set-cookie: IOPT=#[]; expires=Wed, 19-Jul-2034 20:37:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: IPLSH=#{}; expires=Wed, 19-Jul-2034 20:37:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: IPLSH_Q=#[]; expires=Wed, 19-Jul-2034 20:37:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: IZH=#{"100":[{"SId":"74C0D1","D":"24/7/19T13:37:42"}]}; expires=Wed, 19-Jul-2034 20:37:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: IZH_Q=#[100]; expires=Wed, 19-Jul-2034 20:37:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: IMCH=#{}; expires=Wed, 19-Jul-2034 20:37:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: IMCH_Q=#[]; expires=Wed, 19-Jul-2034 20:37:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: IMH=#{"139989":[{"SId":"74C0D1","D":"24/7/19T13:37:42"}]}; expires=Wed, 19-Jul-2034 20:37:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: IMH_Q=#[139989]; expires=Wed, 19-Jul-2034 20:37:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: ISH=#{"101":[{"SId":"74C0D1","D":"24/7/19T13:37:38"}]}; expires=Wed, 19-Jul-2034 20:37:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: ISH_Q=#[101]; expires=Wed, 19-Jul-2034 20:37:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: ISPH=#{"101":[{"SId":"74C0D1","D":"24/7/19T13:37:42"}]}; expires=Wed, 19-Jul-2034 20:37:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: ISPH_Q=#[101]; expires=Wed, 19-Jul-2034 20:37:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: ICH=#{"49116":[{"SId":"74C0D1","D":"24/7/19T13:37:42"}]}; expires=Wed, 19-Jul-2034 20:37:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: ICH_Q=#[49116]; expires=Wed, 19-Jul-2034 20:37:43 GMT; path=/; SameSite=None; secure; HttpOnly
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 8a5d82cf1dcb94d3-LHR
alt-svc: h3=":443"; ma=86400
GET

https://otnolatrnup.com/hideref.engine?d=https%3a%2f%2fworeppercomming.com%2f4fabb44a-878d-4024-bdef-2de07d973f5e%3fcampaignname%3d2_OperaGX%26placementname%3d2_OperaGX_UK_Win_101%26bid%3d5.75%26totalcpv%3d0.00575%26channel%3dFile%2bHosting%2b%2526%2bSharing%26subchannel%3dFile%2bHosting%2b%2526%2bSharing%26medianame%3dOperaGX_WW_9636%26keywords%3donline+storage%2cfree+storage%2ccloud+storage%2ccollaboration%2cbackup+file+sharing%2cshare+files%2cphoto+backup%2cphoto+sharing%2cftp+replacement%2ccross+platform%2cremote+access%2cmobile+access%2csend+large+files%2crecover+files%2cfile+versioning%2cundelete%2cwindows%2cpc%2cmac%2cos+x%2clinux%2ciphone%2conline+storage%2cfree+storage%2ccloud+storage%2ccollaboration%2cbackup+file+sharing%2cshare+files%2cphoto+backup%2cphoto+sharing%2cftp+replacement%2ccross+platform%2cremote+access%2cmobile+access%2csend+large+files%2crecover+files%2cfile+versioning%2cundelete%2cwindows%2cpc%2cmac%2cos+x%2clinux%2ciphone%26sourceid%3d101%26domainid%3d1%26cpv%3d0.00575%26s2sParam%3d56fe7864-39eb-4370-85c5-a83ca0f342e2

msedge.exe

Remote address:

104.16.52.110:443

Request

GET /hideref.engine?d=https%3a%2f%2fworeppercomming.com%2f4fabb44a-878d-4024-bdef-2de07d973f5e%3fcampaignname%3d2_OperaGX%26placementname%3d2_OperaGX_UK_Win_101%26bid%3d5.75%26totalcpv%3d0.00575%26channel%3dFile%2bHosting%2b%2526%2bSharing%26subchannel%3dFile%2bHosting%2b%2526%2bSharing%26medianame%3dOperaGX_WW_9636%26keywords%3donline+storage%2cfree+storage%2ccloud+storage%2ccollaboration%2cbackup+file+sharing%2cshare+files%2cphoto+backup%2cphoto+sharing%2cftp+replacement%2ccross+platform%2cremote+access%2cmobile+access%2csend+large+files%2crecover+files%2cfile+versioning%2cundelete%2cwindows%2cpc%2cmac%2cos+x%2clinux%2ciphone%2conline+storage%2cfree+storage%2ccloud+storage%2ccollaboration%2cbackup+file+sharing%2cshare+files%2cphoto+backup%2cphoto+sharing%2cftp+replacement%2ccross+platform%2cremote+access%2cmobile+access%2csend+large+files%2crecover+files%2cfile+versioning%2cundelete%2cwindows%2cpc%2cmac%2cos+x%2clinux%2ciphone%26sourceid%3d101%26domainid%3d1%26cpv%3d0.00575%26s2sParam%3d56fe7864-39eb-4370-85c5-a83ca0f342e2 HTTP/2.0
host: otnolatrnup.com
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: document
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
sec-ch-ua-platform-version: "10.0"
sec-ch-ua-model: ""
referer: https://otnolatrnup.com/fp.engine?id=5ff0fb62-0643-4ff1-aaee-c737f9ffc0e0&rand=33492&ver=async&time=0&referrerUrl=https%3A%2F%2Fwww.mediafire.com%2Fdownload_repair.php%3Fflag%3D9%26dkey%3Dx4lw8p3316ugR2u52XkMiF3mLXmyAHMDPwKY8NfbCGOAz4xQFHxw8QE20WvIPIE8EPzy1BEFL3slKqTGxUZRQ8xVQe7tByQq5ipm%252DbgmBJio8o13pWQK9KzsTTU915X%252D9y5YgYbQIKFMwX4A0ajUgJB9MGKcppTD4wo1KF1iYr3B%252Dw%26qkey%3Dvehz5gm393ydtoz%26ip%3D194%252E110%252E13%252E70&subId=&tid=&abr=false&res=1280x720&stdTime=0&fpe=1&curl=https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fvehz5gm393ydtoz%2Fnitrogen.zip&kw=online%20storage%2Cfree%20storage%2Ccloud%20storage%2Ccollaboration%2Cbackup%20file%20sharing%2Cshare%20files%2Cphoto%20backup%2Cphoto%20sharing%2Cftp%20replacement%2Ccross%20platform%2Cremote%20access%2Cmobile%20access%2Csend%20large%20files%2Crecover%20files%2Cfile%20versioning%2Cundelete%2Cwindows%2Cpc%2Cmac%2Cos%20x%2Clinux%2Ciphone&spt=1
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: INF_DFL8=false
cookie: IUID=1eaffedd-d7fd-430e-99d3-f317f95ae1c0
cookie: ISSH=74C0D1
cookie: IKSR={}
cookie: ILP={"Profile":{"Audiences":{"Audience":[],"ThirdPartyAudience":[]}},"CreatedDate":"2024-07-19T20:37:38.2553772Z"}
cookie: MSRH=#{}
cookie: CHN=#[]
cookie: MSSH=#{}
cookie: ILPLU=#7/19/2024 8:37:38 PM
cookie: ILEALC=#7/19/2024 8:37:38 PM
cookie: ILMPF=#True
cookie: IPMPLU=#1/1/0001 12:00:00 AM
cookie: IPMUID=#
cookie: BSWUID=#
cookie: IBL=#[]
cookie: IOPT=#[]
cookie: ISH=#{"101":[{"SId":"74C0D1","D":"24/7/19T13:37:38"}]}
cookie: ISH_Q=#[101]
cookie: IPLSH=#{}
cookie: IPLSH_Q=#[]
cookie: IMCH=#{}
cookie: IMCH_Q=#[]
cookie: IPLH_Q=#[96234]
cookie: IPLH=#{"96234":[{"SId":"74C0D1","D":"24/7/19T13:37:42"}]}
cookie: VMI=00000000-0000-0000-0000-000000000000
cookie: IZH=#{"100":[{"SId":"74C0D1","D":"24/7/19T13:37:42"}]}
cookie: IZH_Q=#[100]
cookie: IMH=#{"139989":[{"SId":"74C0D1","D":"24/7/19T13:37:42"}]}
cookie: IMH_Q=#[139989]
cookie: ISPH=#{"101":[{"SId":"74C0D1","D":"24/7/19T13:37:42"}]}
cookie: ISPH_Q=#[101]
cookie: ICH=#{"49116":[{"SId":"74C0D1","D":"24/7/19T13:37:42"}]}
cookie: ICH_Q=#[49116]

Response

HTTP/2.0 200

date: Fri, 19 Jul 2024 20:37:43 GMT
content-type: text/html; charset=utf-8
accept-ch: Sec-CH-UA,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version
vary: Accept-Encoding
cache-control: private, no-transform
content-encoding: gzip
p3p: CP="CAO PSA OUR IND"
access-control-allow-origin: *
set-cookie: IKSR={}; path=/; SameSite=None; secure
set-cookie: INF_DFL8=false; path=/; SameSite=None; secure
set-cookie: IUID=1eaffedd-d7fd-430e-99d3-f317f95ae1c0; expires=Wed, 19-Jul-2034 20:37:43 GMT; path=/; SameSite=None; secure
set-cookie: ISSH=74C0D1; path=/; SameSite=None; secure
set-cookie: VMI=; path=/; SameSite=None; secure
set-cookie: IPLH=#{"96234":[{"SId":"74C0D1","D":"24/7/19T13:37:42"}]}; expires=Wed, 19-Jul-2034 20:37:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: IPLH_Q=#[96234]; expires=Wed, 19-Jul-2034 20:37:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: CHN=#[]; expires=Wed, 19-Jul-2034 20:37:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: MSSH=#{}; expires=Wed, 19-Jul-2034 20:37:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: MSRH=#{}; expires=Wed, 19-Jul-2034 20:37:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: ILP={"Profile":{"Audiences":{"Audience":[],"ThirdPartyAudience":[]}},"CreatedDate":"2024-07-19T20:37:38.2553772Z"}; expires=Wed, 19-Jul-2034 20:37:43 GMT; path=/; SameSite=None; secure
set-cookie: ILPLU=#7/19/2024 8:37:38 PM; expires=Wed, 19-Jul-2034 20:37:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: ILEALC=#7/19/2024 8:37:38 PM; expires=Wed, 19-Jul-2034 20:37:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: ILMPF=#True; expires=Sat, 20-Jul-2024 00:37:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: IPMPLU=#1/1/0001 12:00:00 AM; expires=Wed, 19-Jul-2034 20:37:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: IPMUID=#; expires=Wed, 19-Jul-2034 20:37:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: BSWUID=#; expires=Wed, 19-Jul-2034 20:37:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: IKSR={}; path=/; SameSite=None; secure
set-cookie: IBL=#[]; expires=Wed, 19-Jul-2034 20:37:43 GMT; path=/; SameSite=None; secure
set-cookie: IOPT=#[]; expires=Wed, 19-Jul-2034 20:37:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: IPLSH=#{}; expires=Wed, 19-Jul-2034 20:37:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: IPLSH_Q=#[]; expires=Wed, 19-Jul-2034 20:37:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: IZH=#{"100":[{"SId":"74C0D1","D":"24/7/19T13:37:42"}]}; expires=Wed, 19-Jul-2034 20:37:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: IZH_Q=#[100]; expires=Wed, 19-Jul-2034 20:37:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: IMCH=#{}; expires=Wed, 19-Jul-2034 20:37:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: IMCH_Q=#[]; expires=Wed, 19-Jul-2034 20:37:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: IMH=#{"139989":[{"SId":"74C0D1","D":"24/7/19T13:37:42"}]}; expires=Wed, 19-Jul-2034 20:37:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: IMH_Q=#[139989]; expires=Wed, 19-Jul-2034 20:37:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: ISH=#{"101":[{"SId":"74C0D1","D":"24/7/19T13:37:38"}]}; expires=Wed, 19-Jul-2034 20:37:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: ISH_Q=#[101]; expires=Wed, 19-Jul-2034 20:37:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: ISPH=#{"101":[{"SId":"74C0D1","D":"24/7/19T13:37:42"}]}; expires=Wed, 19-Jul-2034 20:37:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: ISPH_Q=#[101]; expires=Wed, 19-Jul-2034 20:37:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: ICH=#{"49116":[{"SId":"74C0D1","D":"24/7/19T13:37:42"}]}; expires=Wed, 19-Jul-2034 20:37:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: ICH_Q=#[49116]; expires=Wed, 19-Jul-2034 20:37:43 GMT; path=/; SameSite=None; secure; HttpOnly
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 8a5d82d0bf3c94d3-LHR
alt-svc: h3=":443"; ma=86400
GET

https://otnolatrnup.com/hideref.engine?d=https%3A%2F%2Fworeppercomming.com%2F4fabb44a-878d-4024-bdef-2de07d973f5e%3Fcampaignname%3D2_OperaGX%26placementname%3D2_OperaGX_UK_Win_101%26bid%3D5.75%26totalcpv%3D0.00575%26channel%3DFile%2BHosting%2B%2526%2BSharing%26subchannel%3DFile%2BHosting%2B%2526%2BSharing%26medianame%3DOperaGX_WW_9636%26keywords%3Donline+storage%2Cfree+storage%2Ccloud+storage%2Ccollaboration%2Cbackup+file+sharing%2Cshare+files%2Cphoto+backup%2Cphoto+sharing%2Cftp+replacement%2Ccross+platform%2Cremote+access%2Cmobile+access%2Csend+large+files%2Crecover+files%2Cfile+versioning%2Cundelete%2Cwindows%2Cpc%2Cmac%2Cos+x%2Clinux%2Ciphone%2Conline+storage%2Cfree+storage%2Ccloud+storage%2Ccollaboration%2Cbackup+file+sharing%2Cshare+files%2Cphoto+backup%2Cphoto+sharing%2Cftp+replacement%2Ccross+platform%2Cremote+access%2Cmobile+access%2Csend+large+files%2Crecover+files%2Cfile+versioning%2Cundelete%2Cwindows%2Cpc%2Cmac%2Cos+x%2Clinux%2Ciphone%26sourceid%3D101%26domainid%3D1%26cpv%3D0.00575%26s2sParam%3D56fe7864-39eb-4370-85c5-a83ca0f342e2

msedge.exe

Remote address:

104.16.52.110:443

Request

GET /hideref.engine?d=https%3A%2F%2Fworeppercomming.com%2F4fabb44a-878d-4024-bdef-2de07d973f5e%3Fcampaignname%3D2_OperaGX%26placementname%3D2_OperaGX_UK_Win_101%26bid%3D5.75%26totalcpv%3D0.00575%26channel%3DFile%2BHosting%2B%2526%2BSharing%26subchannel%3DFile%2BHosting%2B%2526%2BSharing%26medianame%3DOperaGX_WW_9636%26keywords%3Donline+storage%2Cfree+storage%2Ccloud+storage%2Ccollaboration%2Cbackup+file+sharing%2Cshare+files%2Cphoto+backup%2Cphoto+sharing%2Cftp+replacement%2Ccross+platform%2Cremote+access%2Cmobile+access%2Csend+large+files%2Crecover+files%2Cfile+versioning%2Cundelete%2Cwindows%2Cpc%2Cmac%2Cos+x%2Clinux%2Ciphone%2Conline+storage%2Cfree+storage%2Ccloud+storage%2Ccollaboration%2Cbackup+file+sharing%2Cshare+files%2Cphoto+backup%2Cphoto+sharing%2Cftp+replacement%2Ccross+platform%2Cremote+access%2Cmobile+access%2Csend+large+files%2Crecover+files%2Cfile+versioning%2Cundelete%2Cwindows%2Cpc%2Cmac%2Cos+x%2Clinux%2Ciphone%26sourceid%3D101%26domainid%3D1%26cpv%3D0.00575%26s2sParam%3D56fe7864-39eb-4370-85c5-a83ca0f342e2 HTTP/2.0
host: otnolatrnup.com
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: document
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
sec-ch-ua-platform-version: "10.0"
sec-ch-ua-model: ""
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: INF_DFL8=false
cookie: IUID=1eaffedd-d7fd-430e-99d3-f317f95ae1c0
cookie: ISSH=74C0D1
cookie: IKSR={}
cookie: ILP={"Profile":{"Audiences":{"Audience":[],"ThirdPartyAudience":[]}},"CreatedDate":"2024-07-19T20:37:38.2553772Z"}
cookie: MSRH=#{}
cookie: CHN=#[]
cookie: MSSH=#{}
cookie: ILPLU=#7/19/2024 8:37:38 PM
cookie: ILEALC=#7/19/2024 8:37:38 PM
cookie: ILMPF=#True
cookie: IPMPLU=#1/1/0001 12:00:00 AM
cookie: IPMUID=#
cookie: BSWUID=#
cookie: IBL=#[]
cookie: IOPT=#[]
cookie: ISH=#{"101":[{"SId":"74C0D1","D":"24/7/19T13:37:38"}]}
cookie: ISH_Q=#[101]
cookie: IPLSH=#{}
cookie: IPLSH_Q=#[]
cookie: IMCH=#{}
cookie: IMCH_Q=#[]
cookie: IPLH_Q=#[96234]
cookie: IPLH=#{"96234":[{"SId":"74C0D1","D":"24/7/19T13:37:42"}]}
cookie: IZH=#{"100":[{"SId":"74C0D1","D":"24/7/19T13:37:42"}]}
cookie: IZH_Q=#[100]
cookie: IMH=#{"139989":[{"SId":"74C0D1","D":"24/7/19T13:37:42"}]}
cookie: IMH_Q=#[139989]
cookie: ISPH=#{"101":[{"SId":"74C0D1","D":"24/7/19T13:37:42"}]}
cookie: ISPH_Q=#[101]
cookie: ICH=#{"49116":[{"SId":"74C0D1","D":"24/7/19T13:37:42"}]}
cookie: ICH_Q=#[49116]
cookie: VMI=

Response

HTTP/2.0 302

date: Fri, 19 Jul 2024 20:37:43 GMT
content-type: text/html; charset=utf-8
location: https://woreppercomming.com/4fabb44a-878d-4024-bdef-2de07d973f5e?campaignname=2_OperaGX&placementname=2_OperaGX_UK_Win_101&bid=5.75&totalcpv=0.00575&channel=File Hosting & Sharing&subchannel=File Hosting & Sharing&medianame=OperaGX_WW_9636&keywords=online storage,free storage,cloud storage,collaboration,backup file sharing,share files,photo backup,photo sharing,ftp replacement,cross platform,remote access,mobile access,send large files,recover files,file versioning,undelete,windows,pc,mac,os x,linux,iphone,online storage,free storage,cloud storage,collaboration,backup file sharing,share files,photo backup,photo sharing,ftp replacement,cross platform,remote access,mobile access,send large files,recover files,file versioning,undelete,windows,pc,mac,os x,linux,iphone&sourceid=101&domainid=1&cpv=0.00575&s2sParam=56fe7864-39eb-4370-85c5-a83ca0f342e2
accept-ch: Sec-CH-UA,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version
vary: Accept-Encoding
cache-control: private, no-transform
content-encoding: gzip
p3p: CP="CAO PSA OUR IND"
access-control-allow-origin: *
set-cookie: IKSR={}; path=/; SameSite=None; secure
set-cookie: INF_DFL8=false; path=/; SameSite=None; secure
set-cookie: IUID=1eaffedd-d7fd-430e-99d3-f317f95ae1c0; expires=Wed, 19-Jul-2034 20:37:43 GMT; path=/; SameSite=None; secure
set-cookie: ISSH=74C0D1; path=/; SameSite=None; secure
set-cookie: VMI=; path=/; SameSite=None; secure
set-cookie: IPLH=#{"96234":[{"SId":"74C0D1","D":"24/7/19T13:37:42"}]}; expires=Wed, 19-Jul-2034 20:37:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: IPLH_Q=#[96234]; expires=Wed, 19-Jul-2034 20:37:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: CHN=#[]; expires=Wed, 19-Jul-2034 20:37:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: MSSH=#{}; expires=Wed, 19-Jul-2034 20:37:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: MSRH=#{}; expires=Wed, 19-Jul-2034 20:37:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: ILP={"Profile":{"Audiences":{"Audience":[],"ThirdPartyAudience":[]}},"CreatedDate":"2024-07-19T20:37:38.2553772Z"}; expires=Wed, 19-Jul-2034 20:37:43 GMT; path=/; SameSite=None; secure
set-cookie: ILPLU=#7/19/2024 8:37:38 PM; expires=Wed, 19-Jul-2034 20:37:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: ILEALC=#7/19/2024 8:37:38 PM; expires=Wed, 19-Jul-2034 20:37:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: ILMPF=#True; expires=Sat, 20-Jul-2024 00:37:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: IPMPLU=#1/1/0001 12:00:00 AM; expires=Wed, 19-Jul-2034 20:37:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: IPMUID=#; expires=Wed, 19-Jul-2034 20:37:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: BSWUID=#; expires=Wed, 19-Jul-2034 20:37:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: IKSR={}; path=/; SameSite=None; secure
set-cookie: IBL=#[]; expires=Wed, 19-Jul-2034 20:37:43 GMT; path=/; SameSite=None; secure
set-cookie: IOPT=#[]; expires=Wed, 19-Jul-2034 20:37:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: IPLSH=#{}; expires=Wed, 19-Jul-2034 20:37:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: IPLSH_Q=#[]; expires=Wed, 19-Jul-2034 20:37:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: IZH=#{"100":[{"SId":"74C0D1","D":"24/7/19T13:37:42"}]}; expires=Wed, 19-Jul-2034 20:37:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: IZH_Q=#[100]; expires=Wed, 19-Jul-2034 20:37:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: IMCH=#{}; expires=Wed, 19-Jul-2034 20:37:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: IMCH_Q=#[]; expires=Wed, 19-Jul-2034 20:37:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: IMH=#{"139989":[{"SId":"74C0D1","D":"24/7/19T13:37:42"}]}; expires=Wed, 19-Jul-2034 20:37:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: IMH_Q=#[139989]; expires=Wed, 19-Jul-2034 20:37:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: ISH=#{"101":[{"SId":"74C0D1","D":"24/7/19T13:37:38"}]}; expires=Wed, 19-Jul-2034 20:37:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: ISH_Q=#[101]; expires=Wed, 19-Jul-2034 20:37:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: ISPH=#{"101":[{"SId":"74C0D1","D":"24/7/19T13:37:42"}]}; expires=Wed, 19-Jul-2034 20:37:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: ISPH_Q=#[101]; expires=Wed, 19-Jul-2034 20:37:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: ICH=#{"49116":[{"SId":"74C0D1","D":"24/7/19T13:37:42"}]}; expires=Wed, 19-Jul-2034 20:37:43 GMT; path=/; SameSite=None; secure; HttpOnly
set-cookie: ICH_Q=#[49116]; expires=Wed, 19-Jul-2034 20:37:43 GMT; path=/; SameSite=None; secure; HttpOnly
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 8a5d82d3caf294d3-LHR
alt-svc: h3=":443"; ma=86400
DNS

g.ezoic.net

msedge.exe

Remote address:

8.8.8.8:53

Request

g.ezoic.net

IN A

Response

g.ezoic.net

IN A

13.37.187.223
GET

https://api.btloader.com/mw/state?bt_env=prod

msedge.exe

Remote address:

130.211.23.194:443

Request

GET /mw/state?bt_env=prod HTTP/2.0
host: api.btloader.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: https://www.mediafire.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://ad-delivery.net/px.gif?ch=2

msedge.exe

Remote address:

104.26.2.70:443

Request

GET /px.gif?ch=2 HTTP/2.0
host: ad-delivery.net
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Fri, 19 Jul 2024 20:37:37 GMT
content-type: image/gif
content-length: 43
x-goog-generation: 1620242732037093
x-goog-metageneration: 5
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 43
x-goog-hash: crc32c=cpEfJQ==
x-goog-hash: md5=rUsPYG4PhGW8TEwXCzfhow==
x-goog-storage-class: MULTI_REGIONAL
access-control-allow-origin: *
access-control-expose-headers: *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
x-guploader-uploadid: ABPtcPrJuYyhMHJjZVJxk_6124IDembaZI4-uDy5COW5JVgByQQDMUwUoiQ4ocSYcQlyYF_ll2hzKPYYOw
expires: Sat, 20 Jul 2024 20:37:37 GMT
cache-control: public, max-age=86400
age: 2043499
last-modified: Wed, 05 May 2021 19:25:32 GMT
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3"
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AH%2FPmPRq%2FDF9HO6A%2FuEO5zvZfpyotxOWOwLqoUElY%2Fivq8BdBlE9O%2BV5U5g9VAcvNJU9%2FmH2g3JKihdRcWkh%2BHoq8gQeK7cxKcEALvVakydWAhdLJy8%2FYSj7onkQuviOpA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8a5d82b0582c6541-LHR
GET

https://ad-delivery.net/px.gif?ch=1&e=0.544687824622132

msedge.exe

Remote address:

104.26.2.70:443

Request

GET /px.gif?ch=1&e=0.544687824622132 HTTP/2.0
host: ad-delivery.net
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Fri, 19 Jul 2024 20:37:37 GMT
content-type: image/gif
content-length: 43
x-goog-generation: 1620242732037093
x-goog-metageneration: 5
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 43
x-goog-hash: crc32c=cpEfJQ==
x-goog-hash: md5=rUsPYG4PhGW8TEwXCzfhow==
x-goog-storage-class: MULTI_REGIONAL
access-control-allow-origin: *
access-control-expose-headers: *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
x-guploader-uploadid: ABPtcPrJuYyhMHJjZVJxk_6124IDembaZI4-uDy5COW5JVgByQQDMUwUoiQ4ocSYcQlyYF_ll2hzKPYYOw
expires: Sat, 20 Jul 2024 20:37:37 GMT
cache-control: public, max-age=86400
age: 2043499
last-modified: Wed, 05 May 2021 19:25:32 GMT
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3"
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CUhXJ4dqgBlaEabZsu48RB99LkHkzzhOJwGk96LqP5UD92Z4ylKJyNhH00NQcV%2BWaQek%2FzZurN9PwGw%2FMR359sHOBXfyHcmylFhhwpXXN8b%2FTNyE9Ho53H2CqkZyYWgM0g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8a5d82b0582d6541-LHR
POST

https://g.ezoic.net/saa.go

msedge.exe

Remote address:

13.37.187.223:443

Request

POST /saa.go HTTP/2.0
host: g.ezoic.net
content-length: 2745
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain
accept: */*
origin: https://www.mediafire.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

access-control-allow-credentials: true
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, POST, PUT, OPTIONS
access-control-allow-origin: https://www.mediafire.com
access-control-max-age: 1728000
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
content-encoding: br
content-type: text/javascript
date: Fri, 19 Jul 2024 20:37:38 GMT
expires: Thu, 18 Jul 2024 20:37:38 GMT
server: Apache/2.4.39 (Ubuntu)
vary: Accept-Encoding,Origin,Access-Control-Request-Method,Access-Control-Request-Headers
x-robots-tag: noindex
POST

https://g.ezoic.net/detroitchicago/imp.gif?ez_orig=1

msedge.exe

Remote address:

13.37.187.223:443

Request

POST /detroitchicago/imp.gif?ez_orig=1 HTTP/2.0
host: g.ezoic.net
content-length: 1332
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain
accept: */*
origin: https://www.mediafire.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

access-control-allow-credentials: true
access-control-allow-headers: Content-Type
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, POST, PUT, OPTIONS
access-control-allow-methods: HEAD, PUT, POST, GET, OPTIONS
access-control-allow-origin: https://www.mediafire.com
access-control-allow-origin: https://www.mediafire.com
access-control-max-age: 1728000
access-control-max-age: 1728000
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
content-type: image/gif
date: Fri, 19 Jul 2024 20:37:39 GMT
expires: Thu, 18 Jul 2024 20:37:39 GMT
vary: Accept-Encoding,Origin,Access-Control-Request-Method,Access-Control-Request-Headers
x-middleton-display: imp_sol
content-length: 43
POST

https://g.ezoic.net/detroitchicago/greenoaks.gif?orig=1&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwidmlzaXRfdXVpZCI6IjdlZDY0MzMzLWJiNTUtNDgwZi00ZWRiLWU5ZTZhNTRkYjc0ZSIsInBhZ2V2aWV3X2lkIjoiMDZjY2RmNDEtMjQ2Yy00YzAzLTcyMDAtZWU2NTkwYmM5NjVkIiwiZG9tYWluX2lkIjoiNDg0NDcwIiwidF9lcG9jaCI6MTcyMTQyMTQ1OCwiZGF0YSI6W3sibmFtZSI6ImRldmljZV93aWR0aCIsInZhbCI6IjEyODAifSx7Im5hbWUiOiJkZXZpY2VfaGVpZ2h0IiwidmFsIjoiNzIwIn1dfSx7InR5cGUiOiJwYWdldmlldyIsInZpc2l0X3V1aWQiOiI3ZWQ2NDMzMy1iYjU1LTQ4MGYtNGVkYi1lOWU2YTU0ZGI3NGUiLCJwYWdldmlld19pZCI6IjA2Y2NkZjQxLTI0NmMtNGMwMy03MjAwLWVlNjU5MGJjOTY1ZCIsImRvbWFpbl9pZCI6IjQ4NDQ3MCIsInRfZXBvY2giOjE3MjE0MjE0NTgsImRhdGEiOlt7Im5hbWUiOiJ0X2xvY2FsX2RhdGUiLCJ2YWwiOiIyMDI0LTA3LTE5In0seyJuYW1lIjoidF9sb2NhbF9ob3VyIiwidmFsIjoiMjAifSx7Im5hbWUiOiJ0X2xvY2FsX2RheV9vZl93ZWVrIiwidmFsIjoiNSJ9LHsibmFtZSI6InRfbG9jYWxfdGltZXpvbmUiLCJ2YWwiOiIwIn1dfSx7InR5cGUiOiJwYWdldmlldyIsInZpc2l0X3V1aWQiOiI3ZWQ2NDMzMy1iYjU1LTQ4MGYtNGVkYi1lOWU2YTU0ZGI3NGUiLCJwYWdldmlld19pZCI6IjA2Y2NkZjQxLTI0NmMtNGMwMy03MjAwLWVlNjU5MGJjOTY1ZCIsImRvbWFpbl9pZCI6IjQ4NDQ3MCIsInRfZXBvY2giOjE3MjE0MjE0NTgsImRhdGEiOlt7Im5hbWUiOiJsYW5ndWFnZV90YWciLCJ2YWwiOiJlbi1VUyJ9XX0seyJ0eXBlIjoicGFnZXZpZXciLCJ2aXNpdF91dWlkIjoiN2VkNjQzMzMtYmI1NS00ODBmLTRlZGItZTllNmE1NGRiNzRlIiwicGFnZXZpZXdfaWQiOiIwNmNjZGY0MS0yNDZjLTRjMDMtNzIwMC1lZTY1OTBiYzk2NWQiLCJkb21haW5faWQiOiI0ODQ0NzAiLCJ0X2Vwb2NoIjoxNzIxNDIxNDU4LCJkYXRhIjpbeyJuYW1lIjoibGFuZ3VhZ2VfcHJpbWFyeV9zdWJ0YWciLCJ2YWwiOiJlbiJ9XX0seyJ0eXBlIjoicGFnZXZpZXciLCJ2aXNpdF91dWlkIjoiN2VkNjQzMzMtYmI1NS00ODBmLTRlZGItZTllNmE1NGRiNzRlIiwicGFnZXZpZXdfaWQiOiIwNmNjZGY0MS0yNDZjLTRjMDMtNzIwMC1lZTY1OTBiYzk2NWQiLCJkb21haW5faWQiOiI0ODQ0NzAiLCJ0X2Vwb2NoIjoxNzIxNDIxNDU4LCJkYXRhIjpbeyJuYW1lIjoiZmlkX3ZhbHVlIiwidmFsIjoiMSJ9XX1d

msedge.exe

Remote address:

13.37.187.223:443

Request

POST /detroitchicago/greenoaks.gif?orig=1&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwidmlzaXRfdXVpZCI6IjdlZDY0MzMzLWJiNTUtNDgwZi00ZWRiLWU5ZTZhNTRkYjc0ZSIsInBhZ2V2aWV3X2lkIjoiMDZjY2RmNDEtMjQ2Yy00YzAzLTcyMDAtZWU2NTkwYmM5NjVkIiwiZG9tYWluX2lkIjoiNDg0NDcwIiwidF9lcG9jaCI6MTcyMTQyMTQ1OCwiZGF0YSI6W3sibmFtZSI6ImRldmljZV93aWR0aCIsInZhbCI6IjEyODAifSx7Im5hbWUiOiJkZXZpY2VfaGVpZ2h0IiwidmFsIjoiNzIwIn1dfSx7InR5cGUiOiJwYWdldmlldyIsInZpc2l0X3V1aWQiOiI3ZWQ2NDMzMy1iYjU1LTQ4MGYtNGVkYi1lOWU2YTU0ZGI3NGUiLCJwYWdldmlld19pZCI6IjA2Y2NkZjQxLTI0NmMtNGMwMy03MjAwLWVlNjU5MGJjOTY1ZCIsImRvbWFpbl9pZCI6IjQ4NDQ3MCIsInRfZXBvY2giOjE3MjE0MjE0NTgsImRhdGEiOlt7Im5hbWUiOiJ0X2xvY2FsX2RhdGUiLCJ2YWwiOiIyMDI0LTA3LTE5In0seyJuYW1lIjoidF9sb2NhbF9ob3VyIiwidmFsIjoiMjAifSx7Im5hbWUiOiJ0X2xvY2FsX2RheV9vZl93ZWVrIiwidmFsIjoiNSJ9LHsibmFtZSI6InRfbG9jYWxfdGltZXpvbmUiLCJ2YWwiOiIwIn1dfSx7InR5cGUiOiJwYWdldmlldyIsInZpc2l0X3V1aWQiOiI3ZWQ2NDMzMy1iYjU1LTQ4MGYtNGVkYi1lOWU2YTU0ZGI3NGUiLCJwYWdldmlld19pZCI6IjA2Y2NkZjQxLTI0NmMtNGMwMy03MjAwLWVlNjU5MGJjOTY1ZCIsImRvbWFpbl9pZCI6IjQ4NDQ3MCIsInRfZXBvY2giOjE3MjE0MjE0NTgsImRhdGEiOlt7Im5hbWUiOiJsYW5ndWFnZV90YWciLCJ2YWwiOiJlbi1VUyJ9XX0seyJ0eXBlIjoicGFnZXZpZXciLCJ2aXNpdF91dWlkIjoiN2VkNjQzMzMtYmI1NS00ODBmLTRlZGItZTllNmE1NGRiNzRlIiwicGFnZXZpZXdfaWQiOiIwNmNjZGY0MS0yNDZjLTRjMDMtNzIwMC1lZTY1OTBiYzk2NWQiLCJkb21haW5faWQiOiI0ODQ0NzAiLCJ0X2Vwb2NoIjoxNzIxNDIxNDU4LCJkYXRhIjpbeyJuYW1lIjoibGFuZ3VhZ2VfcHJpbWFyeV9zdWJ0YWciLCJ2YWwiOiJlbiJ9XX0seyJ0eXBlIjoicGFnZXZpZXciLCJ2aXNpdF91dWlkIjoiN2VkNjQzMzMtYmI1NS00ODBmLTRlZGItZTllNmE1NGRiNzRlIiwicGFnZXZpZXdfaWQiOiIwNmNjZGY0MS0yNDZjLTRjMDMtNzIwMC1lZTY1OTBiYzk2NWQiLCJkb21haW5faWQiOiI0ODQ0NzAiLCJ0X2Vwb2NoIjoxNzIxNDIxNDU4LCJkYXRhIjpbeyJuYW1lIjoiZmlkX3ZhbHVlIiwidmFsIjoiMSJ9XX1d HTTP/2.0
host: g.ezoic.net
content-length: 0
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://www.mediafire.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 204

access-control-allow-origin: https://www.mediafire.com
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
date: Fri, 19 Jul 2024 20:37:39 GMT
expires: Thu, 18 Jul 2024 20:37:39 GMT
vary: Accept-Encoding
x-middleton-display: ezp_sol
POST

https://g.ezoic.net/detroitchicago/greenoaks.gif?orig=1&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwidmlzaXRfdXVpZCI6IjdlZDY0MzMzLWJiNTUtNDgwZi00ZWRiLWU5ZTZhNTRkYjc0ZSIsInBhZ2V2aWV3X2lkIjoiMDZjY2RmNDEtMjQ2Yy00YzAzLTcyMDAtZWU2NTkwYmM5NjVkIiwiZG9tYWluX2lkIjoiNDg0NDcwIiwidF9lcG9jaCI6MTcyMTQyMTQ1OCwiZGF0YSI6W3sibmFtZSI6Im5hdmlnYXRpb25fdHlwZSIsInZhbCI6IjAifSx7Im5hbWUiOiJyZWRpcmVjdF9jb3VudCIsInZhbCI6IjAifV19LHsidHlwZSI6InBhZ2V2aWV3IiwidmlzaXRfdXVpZCI6IjdlZDY0MzMzLWJiNTUtNDgwZi00ZWRiLWU5ZTZhNTRkYjc0ZSIsInBhZ2V2aWV3X2lkIjoiMDZjY2RmNDEtMjQ2Yy00YzAzLTcyMDAtZWU2NTkwYmM5NjVkIiwiZG9tYWluX2lkIjoiNDg0NDcwIiwidF9lcG9jaCI6MTcyMTQyMTQ1OCwiZGF0YSI6W3sibmFtZSI6InBlcmZfaXNfdHJhY2tlZCIsInZhbCI6IjEifSx7Im5hbWUiOiJwZXJmX25hdl90b19jb25uZWN0IiwidmFsIjoiOCJ9LHsibmFtZSI6InBlcmZfY29ubmVjdF90b19yZXNwX3N0YXJ0IiwidmFsIjoiNDYwIn0seyJuYW1lIjoicGVyZl9yZXNwX3RpbWUiLCJ2YWwiOiI0MTIifSx7Im5hbWUiOiJwZXJmX2ludGVyYWN0aXZlIiwidmFsIjoiMTYxIn0seyJuYW1lIjoicGVyZl9jb250ZW50bG9hZGVkIiwidmFsIjoiMTYyIn0seyJuYW1lIjoicGVyZl9jb21wbGV0ZSIsInZhbCI6IjE0NjkifV19LHsidHlwZSI6InBhZ2V2aWV3IiwidmlzaXRfdXVpZCI6IjdlZDY0MzMzLWJiNTUtNDgwZi00ZWRiLWU5ZTZhNTRkYjc0ZSIsInBhZ2V2aWV3X2lkIjoiMDZjY2RmNDEtMjQ2Yy00YzAzLTcyMDAtZWU2NTkwYmM5NjVkIiwiZG9tYWluX2lkIjoiNDg0NDcwIiwidF9lcG9jaCI6MTcyMTQyMTQ1OCwiZGF0YSI6W3sibmFtZSI6ImZpcnN0X3BhaW50IiwidmFsIjoiODg0In1dfSx7InR5cGUiOiJwYWdldmlldyIsInZpc2l0X3V1aWQiOiI3ZWQ2NDMzMy1iYjU1LTQ4MGYtNGVkYi1lOWU2YTU0ZGI3NGUiLCJwYWdldmlld19pZCI6IjA2Y2NkZjQxLTI0NmMtNGMwMy03MjAwLWVlNjU5MGJjOTY1ZCIsImRvbWFpbl9pZCI6IjQ4NDQ3MCIsInRfZXBvY2giOjE3MjE0MjE0NTgsImRhdGEiOlt7Im5hbWUiOiJmaXJzdF9jb250ZW50ZnVsX3BhaW50IiwidmFsIjoiODg0In1dfSx7InR5cGUiOiJwYWdldmlldyIsInZpc2l0X3V1aWQiOiI3ZWQ2NDMzMy1iYjU1LTQ4MGYtNGVkYi1lOWU2YTU0ZGI3NGUiLCJwYWdldmlld19pZCI6IjA2Y2NkZjQxLTI0NmMtNGMwMy03MjAwLWVlNjU5MGJjOTY1ZCIsImRvbWFpbl9pZCI6IjQ4NDQ3MCIsInRfZXBvY2giOjE3MjE0MjE0NTgsImRhdGEiOlt7Im5hbWUiOiJjb25uZWN0aW9uX2VmZmVjdGl2ZV90eXBlIiwidmFsIjoiNGcifV19XQ==

msedge.exe

Remote address:

13.37.187.223:443

Request

POST /detroitchicago/greenoaks.gif?orig=1&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwidmlzaXRfdXVpZCI6IjdlZDY0MzMzLWJiNTUtNDgwZi00ZWRiLWU5ZTZhNTRkYjc0ZSIsInBhZ2V2aWV3X2lkIjoiMDZjY2RmNDEtMjQ2Yy00YzAzLTcyMDAtZWU2NTkwYmM5NjVkIiwiZG9tYWluX2lkIjoiNDg0NDcwIiwidF9lcG9jaCI6MTcyMTQyMTQ1OCwiZGF0YSI6W3sibmFtZSI6Im5hdmlnYXRpb25fdHlwZSIsInZhbCI6IjAifSx7Im5hbWUiOiJyZWRpcmVjdF9jb3VudCIsInZhbCI6IjAifV19LHsidHlwZSI6InBhZ2V2aWV3IiwidmlzaXRfdXVpZCI6IjdlZDY0MzMzLWJiNTUtNDgwZi00ZWRiLWU5ZTZhNTRkYjc0ZSIsInBhZ2V2aWV3X2lkIjoiMDZjY2RmNDEtMjQ2Yy00YzAzLTcyMDAtZWU2NTkwYmM5NjVkIiwiZG9tYWluX2lkIjoiNDg0NDcwIiwidF9lcG9jaCI6MTcyMTQyMTQ1OCwiZGF0YSI6W3sibmFtZSI6InBlcmZfaXNfdHJhY2tlZCIsInZhbCI6IjEifSx7Im5hbWUiOiJwZXJmX25hdl90b19jb25uZWN0IiwidmFsIjoiOCJ9LHsibmFtZSI6InBlcmZfY29ubmVjdF90b19yZXNwX3N0YXJ0IiwidmFsIjoiNDYwIn0seyJuYW1lIjoicGVyZl9yZXNwX3RpbWUiLCJ2YWwiOiI0MTIifSx7Im5hbWUiOiJwZXJmX2ludGVyYWN0aXZlIiwidmFsIjoiMTYxIn0seyJuYW1lIjoicGVyZl9jb250ZW50bG9hZGVkIiwidmFsIjoiMTYyIn0seyJuYW1lIjoicGVyZl9jb21wbGV0ZSIsInZhbCI6IjE0NjkifV19LHsidHlwZSI6InBhZ2V2aWV3IiwidmlzaXRfdXVpZCI6IjdlZDY0MzMzLWJiNTUtNDgwZi00ZWRiLWU5ZTZhNTRkYjc0ZSIsInBhZ2V2aWV3X2lkIjoiMDZjY2RmNDEtMjQ2Yy00YzAzLTcyMDAtZWU2NTkwYmM5NjVkIiwiZG9tYWluX2lkIjoiNDg0NDcwIiwidF9lcG9jaCI6MTcyMTQyMTQ1OCwiZGF0YSI6W3sibmFtZSI6ImZpcnN0X3BhaW50IiwidmFsIjoiODg0In1dfSx7InR5cGUiOiJwYWdldmlldyIsInZpc2l0X3V1aWQiOiI3ZWQ2NDMzMy1iYjU1LTQ4MGYtNGVkYi1lOWU2YTU0ZGI3NGUiLCJwYWdldmlld19pZCI6IjA2Y2NkZjQxLTI0NmMtNGMwMy03MjAwLWVlNjU5MGJjOTY1ZCIsImRvbWFpbl9pZCI6IjQ4NDQ3MCIsInRfZXBvY2giOjE3MjE0MjE0NTgsImRhdGEiOlt7Im5hbWUiOiJmaXJzdF9jb250ZW50ZnVsX3BhaW50IiwidmFsIjoiODg0In1dfSx7InR5cGUiOiJwYWdldmlldyIsInZpc2l0X3V1aWQiOiI3ZWQ2NDMzMy1iYjU1LTQ4MGYtNGVkYi1lOWU2YTU0ZGI3NGUiLCJwYWdldmlld19pZCI6IjA2Y2NkZjQxLTI0NmMtNGMwMy03MjAwLWVlNjU5MGJjOTY1ZCIsImRvbWFpbl9pZCI6IjQ4NDQ3MCIsInRfZXBvY2giOjE3MjE0MjE0NTgsImRhdGEiOlt7Im5hbWUiOiJjb25uZWN0aW9uX2VmZmVjdGl2ZV90eXBlIiwidmFsIjoiNGcifV19XQ== HTTP/2.0
host: g.ezoic.net
content-length: 0
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://www.mediafire.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 204

access-control-allow-origin: https://www.mediafire.com
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
date: Fri, 19 Jul 2024 20:37:39 GMT
expires: Thu, 18 Jul 2024 20:37:39 GMT
vary: Accept-Encoding
x-middleton-display: ezp_sol
POST

https://g.ezoic.net/detroitchicago/greenoaks.gif?orig=1&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwidmlzaXRfdXVpZCI6IjdlZDY0MzMzLWJiNTUtNDgwZi00ZWRiLWU5ZTZhNTRkYjc0ZSIsInBhZ2V2aWV3X2lkIjoiMDZjY2RmNDEtMjQ2Yy00YzAzLTcyMDAtZWU2NTkwYmM5NjVkIiwiZG9tYWluX2lkIjoiNDg0NDcwIiwidF9lcG9jaCI6MTcyMTQyMTQ1OCwiZGF0YSI6W3sibmFtZSI6ImNvbm5lY3Rpb25fZG93bmxpbmsiLCJ2YWwiOiIxMCJ9XX0seyJ0eXBlIjoicGFnZXZpZXciLCJ2aXNpdF91dWlkIjoiN2VkNjQzMzMtYmI1NS00ODBmLTRlZGItZTllNmE1NGRiNzRlIiwicGFnZXZpZXdfaWQiOiIwNmNjZGY0MS0yNDZjLTRjMDMtNzIwMC1lZTY1OTBiYzk2NWQiLCJkb21haW5faWQiOiI0ODQ0NzAiLCJ0X2Vwb2NoIjoxNzIxNDIxNDU4LCJkYXRhIjpbeyJuYW1lIjoiY29ubmVjdGlvbl9ydHQiLCJ2YWwiOiI1MCJ9XX0seyJ0eXBlIjoicGFnZXZpZXciLCJ2aXNpdF91dWlkIjoiN2VkNjQzMzMtYmI1NS00ODBmLTRlZGItZTllNmE1NGRiNzRlIiwicGFnZXZpZXdfaWQiOiIwNmNjZGY0MS0yNDZjLTRjMDMtNzIwMC1lZTY1OTBiYzk2NWQiLCJkb21haW5faWQiOiI0ODQ0NzAiLCJ0X2Vwb2NoIjoxNzIxNDIxNDU4LCJkYXRhIjpbeyJuYW1lIjoibGNwX3ZhbHVlIiwidmFsIjoiMTg1NSJ9XX1d

msedge.exe

Remote address:

13.37.187.223:443

Request

POST /detroitchicago/greenoaks.gif?orig=1&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwidmlzaXRfdXVpZCI6IjdlZDY0MzMzLWJiNTUtNDgwZi00ZWRiLWU5ZTZhNTRkYjc0ZSIsInBhZ2V2aWV3X2lkIjoiMDZjY2RmNDEtMjQ2Yy00YzAzLTcyMDAtZWU2NTkwYmM5NjVkIiwiZG9tYWluX2lkIjoiNDg0NDcwIiwidF9lcG9jaCI6MTcyMTQyMTQ1OCwiZGF0YSI6W3sibmFtZSI6ImNvbm5lY3Rpb25fZG93bmxpbmsiLCJ2YWwiOiIxMCJ9XX0seyJ0eXBlIjoicGFnZXZpZXciLCJ2aXNpdF91dWlkIjoiN2VkNjQzMzMtYmI1NS00ODBmLTRlZGItZTllNmE1NGRiNzRlIiwicGFnZXZpZXdfaWQiOiIwNmNjZGY0MS0yNDZjLTRjMDMtNzIwMC1lZTY1OTBiYzk2NWQiLCJkb21haW5faWQiOiI0ODQ0NzAiLCJ0X2Vwb2NoIjoxNzIxNDIxNDU4LCJkYXRhIjpbeyJuYW1lIjoiY29ubmVjdGlvbl9ydHQiLCJ2YWwiOiI1MCJ9XX0seyJ0eXBlIjoicGFnZXZpZXciLCJ2aXNpdF91dWlkIjoiN2VkNjQzMzMtYmI1NS00ODBmLTRlZGItZTllNmE1NGRiNzRlIiwicGFnZXZpZXdfaWQiOiIwNmNjZGY0MS0yNDZjLTRjMDMtNzIwMC1lZTY1OTBiYzk2NWQiLCJkb21haW5faWQiOiI0ODQ0NzAiLCJ0X2Vwb2NoIjoxNzIxNDIxNDU4LCJkYXRhIjpbeyJuYW1lIjoibGNwX3ZhbHVlIiwidmFsIjoiMTg1NSJ9XX1d HTTP/2.0
host: g.ezoic.net
content-length: 0
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://www.mediafire.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 204

access-control-allow-origin: https://www.mediafire.com
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
date: Fri, 19 Jul 2024 20:37:39 GMT
expires: Thu, 18 Jul 2024 20:37:39 GMT
vary: Accept-Encoding
x-middleton-display: ezp_sol
POST

https://g.ezoic.net/detroitchicago/greenoaks.gif?orig=1&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwidmlzaXRfdXVpZCI6IjdlZDY0MzMzLWJiNTUtNDgwZi00ZWRiLWU5ZTZhNTRkYjc0ZSIsInBhZ2V2aWV3X2lkIjoiMDZjY2RmNDEtMjQ2Yy00YzAzLTcyMDAtZWU2NTkwYmM5NjVkIiwiZG9tYWluX2lkIjoiNDg0NDcwIiwidF9lcG9jaCI6MTcyMTQyMTQ1OCwiZGF0YSI6W3sibmFtZSI6InRfdW5sb2FkIiwidmFsIjoiMTcyMTQyMTQ2MTc1MyJ9XX1d

msedge.exe

Remote address:

13.37.187.223:443

Request

POST /detroitchicago/greenoaks.gif?orig=1&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwidmlzaXRfdXVpZCI6IjdlZDY0MzMzLWJiNTUtNDgwZi00ZWRiLWU5ZTZhNTRkYjc0ZSIsInBhZ2V2aWV3X2lkIjoiMDZjY2RmNDEtMjQ2Yy00YzAzLTcyMDAtZWU2NTkwYmM5NjVkIiwiZG9tYWluX2lkIjoiNDg0NDcwIiwidF9lcG9jaCI6MTcyMTQyMTQ1OCwiZGF0YSI6W3sibmFtZSI6InRfdW5sb2FkIiwidmFsIjoiMTcyMTQyMTQ2MTc1MyJ9XX1d HTTP/2.0
host: g.ezoic.net
content-length: 0
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://www.mediafire.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 204

access-control-allow-origin: https://www.mediafire.com
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
date: Fri, 19 Jul 2024 20:37:43 GMT
expires: Thu, 18 Jul 2024 20:37:43 GMT
vary: Accept-Encoding
x-middleton-display: ezp_sol
POST

https://g.ezoic.net/detroitchicago/greenoaks.gif?orig=1&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwidmlzaXRfdXVpZCI6IjdlZDY0MzMzLWJiNTUtNDgwZi00ZWRiLWU5ZTZhNTRkYjc0ZSIsInBhZ2V2aWV3X2lkIjoiMDZjY2RmNDEtMjQ2Yy00YzAzLTcyMDAtZWU2NTkwYmM5NjVkIiwiZG9tYWluX2lkIjoiNDg0NDcwIiwidF9lcG9jaCI6MTcyMTQyMTQ1OCwiZGF0YSI6W3sibmFtZSI6ImVuZ2FnZWRfdGltZSIsInZhbCI6IjEifV19XQ==

msedge.exe

Remote address:

13.37.187.223:443

Request

POST /detroitchicago/greenoaks.gif?orig=1&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwidmlzaXRfdXVpZCI6IjdlZDY0MzMzLWJiNTUtNDgwZi00ZWRiLWU5ZTZhNTRkYjc0ZSIsInBhZ2V2aWV3X2lkIjoiMDZjY2RmNDEtMjQ2Yy00YzAzLTcyMDAtZWU2NTkwYmM5NjVkIiwiZG9tYWluX2lkIjoiNDg0NDcwIiwidF9lcG9jaCI6MTcyMTQyMTQ1OCwiZGF0YSI6W3sibmFtZSI6ImVuZ2FnZWRfdGltZSIsInZhbCI6IjEifV19XQ== HTTP/2.0
host: g.ezoic.net
content-length: 0
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://www.mediafire.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 204

access-control-allow-origin: https://www.mediafire.com
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
date: Fri, 19 Jul 2024 20:37:47 GMT
expires: Thu, 18 Jul 2024 20:37:47 GMT
vary: Accept-Encoding
x-middleton-display: ezp_sol
POST

https://g.ezoic.net/detroitchicago/greenoaks.gif?orig=1&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwidmlzaXRfdXVpZCI6IjdlZDY0MzMzLWJiNTUtNDgwZi00ZWRiLWU5ZTZhNTRkYjc0ZSIsInBhZ2V2aWV3X2lkIjoiMDZjY2RmNDEtMjQ2Yy00YzAzLTcyMDAtZWU2NTkwYmM5NjVkIiwiZG9tYWluX2lkIjoiNDg0NDcwIiwidF9lcG9jaCI6MTcyMTQyMTQ1OCwiZGF0YSI6W3sibmFtZSI6ImNsc192YWx1ZSIsInZhbCI6IjAifV19XQ==

msedge.exe

Remote address:

13.37.187.223:443

Request

POST /detroitchicago/greenoaks.gif?orig=1&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwidmlzaXRfdXVpZCI6IjdlZDY0MzMzLWJiNTUtNDgwZi00ZWRiLWU5ZTZhNTRkYjc0ZSIsInBhZ2V2aWV3X2lkIjoiMDZjY2RmNDEtMjQ2Yy00YzAzLTcyMDAtZWU2NTkwYmM5NjVkIiwiZG9tYWluX2lkIjoiNDg0NDcwIiwidF9lcG9jaCI6MTcyMTQyMTQ1OCwiZGF0YSI6W3sibmFtZSI6ImNsc192YWx1ZSIsInZhbCI6IjAifV19XQ== HTTP/2.0
host: g.ezoic.net
content-length: 0
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://www.mediafire.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 204

access-control-allow-origin: https://www.mediafire.com
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
date: Fri, 19 Jul 2024 20:37:49 GMT
expires: Thu, 18 Jul 2024 20:37:49 GMT
vary: Accept-Encoding
x-middleton-display: ezp_sol
POST

https://g.ezoic.net/detroitchicago/greenoaks.gif?orig=1&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwidmlzaXRfdXVpZCI6IjdlZDY0MzMzLWJiNTUtNDgwZi00ZWRiLWU5ZTZhNTRkYjc0ZSIsInBhZ2V2aWV3X2lkIjoiMDZjY2RmNDEtMjQ2Yy00YzAzLTcyMDAtZWU2NTkwYmM5NjVkIiwiZG9tYWluX2lkIjoiNDg0NDcwIiwidF9lcG9jaCI6MTcyMTQyMTQ1OCwiZGF0YSI6W3sibmFtZSI6InB2X2V2ZW50X2NvdW50IiwidmFsIjoiMSJ9LHsibmFtZSI6InRpbWVfb25fcGFnZV9ldmVudCIsInZhbCI6IjMwIn1dfV0=

msedge.exe

Remote address:

13.37.187.223:443

Request

POST /detroitchicago/greenoaks.gif?orig=1&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwidmlzaXRfdXVpZCI6IjdlZDY0MzMzLWJiNTUtNDgwZi00ZWRiLWU5ZTZhNTRkYjc0ZSIsInBhZ2V2aWV3X2lkIjoiMDZjY2RmNDEtMjQ2Yy00YzAzLTcyMDAtZWU2NTkwYmM5NjVkIiwiZG9tYWluX2lkIjoiNDg0NDcwIiwidF9lcG9jaCI6MTcyMTQyMTQ1OCwiZGF0YSI6W3sibmFtZSI6InB2X2V2ZW50X2NvdW50IiwidmFsIjoiMSJ9LHsibmFtZSI6InRpbWVfb25fcGFnZV9ldmVudCIsInZhbCI6IjMwIn1dfV0= HTTP/2.0
host: g.ezoic.net
content-length: 0
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://www.mediafire.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 204

access-control-allow-origin: https://www.mediafire.com
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
date: Fri, 19 Jul 2024 20:38:09 GMT
expires: Thu, 18 Jul 2024 20:38:09 GMT
vary: Accept-Encoding
x-middleton-display: ezp_sol
POST

https://g.ezoic.net/detroitchicago/greenoaks.gif?orig=1&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwidmlzaXRfdXVpZCI6IjdlZDY0MzMzLWJiNTUtNDgwZi00ZWRiLWU5ZTZhNTRkYjc0ZSIsInBhZ2V2aWV3X2lkIjoiMDZjY2RmNDEtMjQ2Yy00YzAzLTcyMDAtZWU2NTkwYmM5NjVkIiwiZG9tYWluX2lkIjoiNDg0NDcwIiwidF9lcG9jaCI6MTcyMTQyMTQ1OCwiZGF0YSI6W3sibmFtZSI6InB2X2V2ZW50X2NvdW50IiwidmFsIjoiMiJ9LHsibmFtZSI6InRpbWVfb25fcGFnZV9ldmVudCIsInZhbCI6IjQ1In1dfV0=

msedge.exe

Remote address:

13.37.187.223:443

Request

POST /detroitchicago/greenoaks.gif?orig=1&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwidmlzaXRfdXVpZCI6IjdlZDY0MzMzLWJiNTUtNDgwZi00ZWRiLWU5ZTZhNTRkYjc0ZSIsInBhZ2V2aWV3X2lkIjoiMDZjY2RmNDEtMjQ2Yy00YzAzLTcyMDAtZWU2NTkwYmM5NjVkIiwiZG9tYWluX2lkIjoiNDg0NDcwIiwidF9lcG9jaCI6MTcyMTQyMTQ1OCwiZGF0YSI6W3sibmFtZSI6InB2X2V2ZW50X2NvdW50IiwidmFsIjoiMiJ9LHsibmFtZSI6InRpbWVfb25fcGFnZV9ldmVudCIsInZhbCI6IjQ1In1dfV0= HTTP/2.0
host: g.ezoic.net
content-length: 0
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://www.mediafire.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 204

access-control-allow-origin: https://www.mediafire.com
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
date: Fri, 19 Jul 2024 20:38:25 GMT
expires: Thu, 18 Jul 2024 20:38:25 GMT
vary: Accept-Encoding
x-middleton-display: ezp_sol
DNS

go.ezodn.com

msedge.exe

Remote address:

8.8.8.8:53

Request

go.ezodn.com

IN A

Response

go.ezodn.com

IN A

104.21.87.79

go.ezodn.com

IN A

172.67.142.121
GET

https://go.ezodn.com/detroitchicago/boise.js?gcb=195-12&cb=5

msedge.exe

Remote address:

104.21.87.79:443

Request

GET /detroitchicago/boise.js?gcb=195-12&cb=5 HTTP/2.0
host: go.ezodn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Fri, 19 Jul 2024 20:37:38 GMT
content-type: application/javascript
cache-control: public, max-age=31536000
vary: Accept-Encoding
x-middleton-display: sol-js
x-robots-tag: noindex
last-modified: Wed, 08 May 2024 21:12:41 GMT
cf-cache-status: HIT
age: 6218696
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vempI8JDy3BB4uxBYrCVQNJ1fQUK1Xw3Fdz4odM63dgBi0omw9fGDAanN1kRgPxoGWhiozBwMmSm4jROZAe38K2UwVNmb5kwWqeL2wavl8LRhfxZZwVMuDYtto4APMk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8a5d82b1af016397-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://go.ezodn.com/parsonsmaize/abilene.js?gcb=195-12&cb=35

msedge.exe

Remote address:

104.21.87.79:443

Request

GET /parsonsmaize/abilene.js?gcb=195-12&cb=35 HTTP/2.0
host: go.ezodn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Fri, 19 Jul 2024 20:37:38 GMT
content-type: application/javascript
cache-control: public, max-age=31536000
vary: Accept-Encoding
x-middleton-display: sol-js
x-robots-tag: noindex
last-modified: Mon, 10 Jun 2024 19:03:22 GMT
cf-cache-status: HIT
age: 3375249
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ivJLgfroj2WR3SrWxi9O9zOG9xcBWBxeN%2FvlRWctqck%2FZF7u8AGOzsQQq2WlHmkCpgYoavpk8O0Fi26VvKd65PckVEqTAteGdU23gqD%2BW7W4dq9PgdPRNNfoguBJKJc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8a5d82b1af056397-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://go.ezodn.com/porpoiseant/et.js?gcb=195-12&cb=3

msedge.exe

Remote address:

104.21.87.79:443

Request

GET /porpoiseant/et.js?gcb=195-12&cb=3 HTTP/2.0
host: go.ezodn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Fri, 19 Jul 2024 20:37:38 GMT
content-type: application/javascript
cache-control: public, max-age=31536000
vary: Accept-Encoding
x-middleton-display: sol-js
x-robots-tag: noindex
last-modified: Thu, 16 May 2024 00:29:26 GMT
cf-cache-status: HIT
age: 5602085
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7naiSmZRdcHNAqjVR5AGUNSx6yJp86uTBso%2Bdxvw%2BAEnnEvnGXIMjz2%2BnH8VT0hZHwZem4qKpde4EYGICGRV%2BkosYtXDYWS%2FEgiB9uXhJPWz99FxGLR8OUBROF73uQQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8a5d82b1af086397-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://go.ezodn.com/parsonsmaize/mulvane.js?gcb=195-12&cb=10

msedge.exe

Remote address:

104.21.87.79:443

Request

GET /parsonsmaize/mulvane.js?gcb=195-12&cb=10 HTTP/2.0
host: go.ezodn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Fri, 19 Jul 2024 20:37:38 GMT
content-type: application/javascript
cache-control: public, max-age=31536000
vary: Accept-Encoding
x-middleton-display: sol-js
x-robots-tag: noindex
last-modified: Wed, 08 May 2024 21:12:40 GMT
cf-cache-status: HIT
age: 1381724
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wV1o%2FkgI9mnX%2FWVdgdVDUea%2FYnNIaQjoOvMUB7uGGa8mkTkoi0Up9JwFAGYVjeC1RelErV2sLP7Sfn9%2FhVgZ3JpEieCqMYqA7UtrcoDtE%2BPWkpMj6iF8baecLwcL1jU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8a5d82b23f9b6397-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://go.ezodn.com/detroitchicago/wichita.js?gcb=195-12&cb=12

msedge.exe

Remote address:

104.21.87.79:443

Request

GET /detroitchicago/wichita.js?gcb=195-12&cb=12 HTTP/2.0
host: go.ezodn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Fri, 19 Jul 2024 20:37:38 GMT
content-type: application/javascript
cache-control: public, max-age=31536000
vary: Accept-Encoding
x-middleton-display: sol-js
x-robots-tag: noindex
last-modified: Wed, 08 May 2024 21:12:40 GMT
cf-cache-status: HIT
age: 1379126
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tsHvZyL4WHlfMkdb%2BdmYIeUUcq2UMhGvfLCi4uGn0tTkiIJvT%2F6qpsBP9yzmqe569qqp7ZWuzf8nhsLTN3GjRUsTvIA1sB2oJ8d7LMEaDMRxFBpXxKggi5svVo0mMBY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8a5d82b23f996397-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://go.ezodn.com/detroitchicago/raleigh.js?gcb=195-12&cb=7

msedge.exe

Remote address:

104.21.87.79:443

Request

GET /detroitchicago/raleigh.js?gcb=195-12&cb=7 HTTP/2.0
host: go.ezodn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Fri, 19 Jul 2024 20:37:38 GMT
content-type: application/javascript
cache-control: public, max-age=31536000
vary: Accept-Encoding
x-middleton-display: sol-js
x-robots-tag: noindex
last-modified: Tue, 26 Mar 2024 04:06:31 GMT
cf-cache-status: HIT
age: 6218698
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9i3meeDg2bHUYkzqzU1i2eQz%2ByvnoW6y9Jsx5BdmAgYBz9H8y6dw1q2PyPkY1t0nd79g9fwEx0RydajFB2Gjg4aXHfh%2BdYxX%2B%2F9BmYxSFWvI2QJcAyShCM%2FVh7YoDO8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8a5d82b23f9e6397-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://go.ezodn.com/detroitchicago/vista.js?gcb=195-12&cb=6

msedge.exe

Remote address:

104.21.87.79:443

Request

GET /detroitchicago/vista.js?gcb=195-12&cb=6 HTTP/2.0
host: go.ezodn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Fri, 19 Jul 2024 20:37:38 GMT
content-type: application/javascript
cache-control: public, max-age=31536000
vary: Accept-Encoding
x-middleton-display: sol-js
x-robots-tag: noindex
last-modified: Tue, 11 Jun 2024 15:31:11 GMT
cf-cache-status: HIT
age: 3301585
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3MdZRLiIsodXiPocN9oEYyuTVUsKHt0KyBfiXx83HN7oPnKgP4OTStvAChKLrd4JPbxLuiEY8PnlXEd%2B2HqIOYYCfRg%2F4ZBeZdvtsILwwVBPT5ynd0Vidt7gUk8wPeY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8a5d82b23f986397-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://go.ezodn.com/parsonsmaize/olathe.js?gcb=195-12&cb=25

msedge.exe

Remote address:

104.21.87.79:443

Request

GET /parsonsmaize/olathe.js?gcb=195-12&cb=25 HTTP/2.0
host: go.ezodn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Fri, 19 Jul 2024 20:37:38 GMT
content-type: application/javascript
cache-control: public, max-age=31536000
vary: Accept-Encoding
x-middleton-display: sol-js
x-robots-tag: noindex
last-modified: Mon, 10 Jun 2024 22:21:30 GMT
cf-cache-status: HIT
age: 3363367
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rzhck0V8BZjt0%2FLEhaUE9s4BsAohtArdDI7qDgb6tM558STowMyXZw6Jz1mifgLgcm4hxdhlpvOaYOGqkYFZVcsXNk3jgFIt2QMB6DTv8D6fM7z8AkkiYmnN044Rhug%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8a5d82b278046397-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://go.ezodn.com/parsonsmaize/chanute.js?a=a&cb=10&dcb=195-12&shcb=34

msedge.exe

Remote address:

104.21.87.79:443

Request

GET /parsonsmaize/chanute.js?a=a&cb=10&dcb=195-12&shcb=34 HTTP/2.0
host: go.ezodn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Fri, 19 Jul 2024 20:37:38 GMT
content-type: application/javascript
cache-control: public, max-age=31536000
vary: Accept-Encoding
x-middleton-display: sol-js
x-robots-tag: noindex
last-modified: Thu, 28 Mar 2024 22:26:23 GMT
cf-cache-status: HIT
age: 6218698
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FqUFodpijR0CHKwpGdtyyof0eVL0ZKSepZduoDI%2BJLhcjHYvv6PnucTfB%2B2NuOpbj7y7bCtYCvoXDWrBk9T08FvMr4bcH1kjn1o5qlvbsooKTfkMh0ZvMgXcsyEz%2BDs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8a5d82b2880f6397-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://go.ezodn.com/tardisrocinante/vitals.js?gcb=195-12&cb=4

msedge.exe

Remote address:

104.21.87.79:443

Request

GET /tardisrocinante/vitals.js?gcb=195-12&cb=4 HTTP/2.0
host: go.ezodn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Fri, 19 Jul 2024 20:37:38 GMT
content-type: application/javascript
cache-control: public, max-age=31536000
vary: Accept-Encoding
x-middleton-display: sol-js
x-robots-tag: noindex
last-modified: Tue, 11 Jun 2024 14:43:26 GMT
cf-cache-status: HIT
age: 3304448
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3%2F2k3xgOhSWmdGQBhkBAP2u2SEdA16%2F8OD0RVNqxw8UO8%2FuEMP705%2BC56ZfNp7RRP15yjEM0N61MkDuHqcBnXBZil%2FHNx%2F98VkoJ2msoD1wgeFxj3dDpBUtDVtSQ0tk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8a5d82b2880a6397-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
DNS

www.mediafiredls.com

msedge.exe

Remote address:

8.8.8.8:53

Request

www.mediafiredls.com

IN A

Response

www.mediafiredls.com

IN A

172.67.73.78

www.mediafiredls.com

IN A

104.26.3.173

www.mediafiredls.com

IN A

104.26.2.173
DNS

securepubads.g.doubleclick.net

msedge.exe

Remote address:

8.8.8.8:53

Request

securepubads.g.doubleclick.net

IN A

Response

securepubads.g.doubleclick.net

IN A

142.250.201.162
DNS

otnolatrnup.com

msedge.exe

Remote address:

8.8.8.8:53

Request

otnolatrnup.com

IN A

Response

otnolatrnup.com

IN A

104.16.53.110

otnolatrnup.com

IN A

104.16.52.110
GET

https://www.mediafiredls.com/adsupply/0

msedge.exe

Remote address:

172.67.73.78:443

Request

GET /adsupply/0 HTTP/2.0
host: www.mediafiredls.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: https://www.mediafire.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 403

date: Fri, 19 Jul 2024 20:37:38 GMT
content-type: text/html; charset=UTF-8
x-frame-options: SAMEORIGIN
referrer-policy: same-origin
cache-control: max-age=15
expires: Fri, 19 Jul 2024 20:37:53 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5YrlUtYVjP%2BJn4FvR8gGUT4DP%2Fk6GGAiHXt5rAMk6GLiqnmcogWoaePmZQUZGuQSyOizXWuXYkcl9PkbXrQOfA5IPPOOX7U3w7%2BuHTRRKyfCHn3Tz1c%2Bsl2lZvwk%2FEa2wK310nR5"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8a5d82b1de736542-LHR
content-encoding: br
GET

https://www.mediafiredls.com/onclick/0

msedge.exe

Remote address:

172.67.73.78:443

Request

GET /onclick/0 HTTP/2.0
host: www.mediafiredls.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: https://www.mediafire.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 403

date: Fri, 19 Jul 2024 20:37:38 GMT
content-type: text/html; charset=UTF-8
x-frame-options: SAMEORIGIN
referrer-policy: same-origin
cache-control: max-age=15
expires: Fri, 19 Jul 2024 20:37:53 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HcOafZobtRTZZLutbF9gpBysBxeafershvmHcB9rPVI06OvHo1IHMj2WXPHhucTEaY1E2NHOyFNiEuRE1OLxQl0cb8ryYK21l4rp6xdUnj%2B41DyDy6dBoKKwEvmN6mD%2Fgbrvgbjw"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8a5d82b2cfc36542-LHR
content-encoding: br
GET

https://www.mediafiredls.com/clicked/1

msedge.exe

Remote address:

172.67.73.78:443

Request

GET /clicked/1 HTTP/2.0
host: www.mediafiredls.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: https://www.mediafire.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 403

date: Fri, 19 Jul 2024 20:37:42 GMT
content-type: text/html; charset=UTF-8
x-frame-options: SAMEORIGIN
referrer-policy: same-origin
cache-control: max-age=15
expires: Fri, 19 Jul 2024 20:37:57 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=evte7vUzIu7nDzRQUeb%2FsRlL%2BndSI2agcLCwAg85bKRdlGZb5lEYDrvecjyjXuvqDDbQXuHTGXkKmeyHCiEd3PiyLSyiGfGLaxzP0rvD2lIy220hyWA0JrlyOSWHzip6tDvKAR05"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8a5d82cc09b36542-LHR
content-encoding: br
GET

https://www.mediafiredls.com/completed/1

msedge.exe

Remote address:

172.67.73.78:443

Request

GET /completed/1 HTTP/2.0
host: www.mediafiredls.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: https://www.mediafire.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 403

date: Fri, 19 Jul 2024 20:37:42 GMT
content-type: text/html; charset=UTF-8
x-frame-options: SAMEORIGIN
referrer-policy: same-origin
cache-control: max-age=15
expires: Fri, 19 Jul 2024 20:37:57 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6qzdaO3KWpn%2F%2BvG1%2FKaYahGg4dCryepT7E5%2BjwsJ6FserkMsXWKCSy%2B1vhEAqvigSKmgiyCZxgQA6lM9Gx%2FM5v%2FwwvA357JoRIRUGGU%2FvhuchKYTocfACT13ow63Fk8zzo42ZtK1"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8a5d82cc2a0b6542-LHR
content-encoding: br
GET

https://securepubads.g.doubleclick.net/tag/js/gpt.js

msedge.exe

Remote address:

142.250.201.162:443

Request

GET /tag/js/gpt.js HTTP/2.0
host: securepubads.g.doubleclick.net
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

msedge.exe

Remote address:

142.250.201.162:443

Request

GET /pagead/drt/si?st=NO_DATA HTTP/2.0
host: googleads.g.doubleclick.net
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

hbopenbid.pubmatic.com

msedge.exe

Remote address:

8.8.8.8:53

Request

hbopenbid.pubmatic.com

IN A

Response

hbopenbid.pubmatic.com

IN CNAME

hbprebid-v3.pubmnet.com

hbprebid-v3.pubmnet.com

IN CNAME

hbopenbid-lhrc.pubmnet.com

hbopenbid-lhrc.pubmnet.com

IN A

185.64.190.77
DNS

btlr.sharethrough.com

msedge.exe

Remote address:

8.8.8.8:53

Request

btlr.sharethrough.com

IN A

Response

btlr.sharethrough.com

IN CNAME

btlr-eu-central-1.sharethrough.com

btlr-eu-central-1.sharethrough.com

IN A

18.195.54.126

btlr-eu-central-1.sharethrough.com

IN A

18.193.239.88

btlr-eu-central-1.sharethrough.com

IN A

52.57.231.117

btlr-eu-central-1.sharethrough.com

IN A

35.156.158.3

btlr-eu-central-1.sharethrough.com

IN A

3.122.81.92

btlr-eu-central-1.sharethrough.com

IN A

3.70.34.151

btlr-eu-central-1.sharethrough.com

IN A

54.93.131.27

btlr-eu-central-1.sharethrough.com

IN A

52.57.23.171
DNS

tlx.3lift.com

msedge.exe

Remote address:

8.8.8.8:53

Request

tlx.3lift.com

IN A

Response

tlx.3lift.com

IN CNAME

eu-tlx.3lift.com

eu-tlx.3lift.com

IN A

3.124.64.248

eu-tlx.3lift.com

IN A

18.157.230.4

eu-tlx.3lift.com

IN A

3.78.168.176
DNS

prebid.media.net

msedge.exe

Remote address:

8.8.8.8:53

Request

prebid.media.net

IN A

Response

prebid.media.net

IN A

34.120.63.153
POST

https://hbopenbid.pubmatic.com/translator?source=prebid-client

msedge.exe

Remote address:

185.64.190.77:443

Request

POST /translator?source=prebid-client HTTP/2.0
host: hbopenbid.pubmatic.com
content-length: 2269
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain
accept: */*
origin: https://www.mediafire.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 204

access-control-allow-credentials: true
access-control-allow-origin: https://www.mediafire.com
cache-control: no-cache, no-store, must-revalidate
date: Fri, 19 Jul 2024 20:37:38 GMT
POST

https://prebid.media.net/rtb/prebid?cid=8CUO2689O

msedge.exe

Remote address:

34.120.63.153:443

Request

POST /rtb/prebid?cid=8CUO2689O HTTP/2.0
host: prebid.media.net
content-length: 3781
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain
accept: */*
origin: https://www.mediafire.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
POST

https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1

msedge.exe

Remote address:

18.195.54.126:443

Request

POST /universal/v1?supply_id=WYu2BXv1 HTTP/2.0
host: btlr.sharethrough.com
content-length: 1303
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain
accept: */*
origin: https://www.mediafire.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 204

date: Fri, 19 Jul 2024 20:37:38 GMT
access-control-allow-origin: https://www.mediafire.com
access-control-allow-credentials: true
POST

https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1

msedge.exe

Remote address:

18.195.54.126:443

Request

POST /universal/v1?supply_id=WYu2BXv1 HTTP/2.0
host: btlr.sharethrough.com
content-length: 1321
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain
accept: */*
origin: https://www.mediafire.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 204

date: Fri, 19 Jul 2024 20:37:38 GMT
access-control-allow-origin: https://www.mediafire.com
access-control-allow-credentials: true
POST

https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1

msedge.exe

Remote address:

18.195.54.126:443

Request

POST /universal/v1?supply_id=WYu2BXv1 HTTP/2.0
host: btlr.sharethrough.com
content-length: 1322
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain
accept: */*
origin: https://www.mediafire.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 204

date: Fri, 19 Jul 2024 20:37:38 GMT
access-control-allow-origin: https://www.mediafire.com
access-control-allow-credentials: true
POST

https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1

msedge.exe

Remote address:

18.195.54.126:443

Request

POST /universal/v1?supply_id=WYu2BXv1 HTTP/2.0
host: btlr.sharethrough.com
content-length: 1303
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain
accept: */*
origin: https://www.mediafire.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 204

date: Fri, 19 Jul 2024 20:37:38 GMT
access-control-allow-origin: https://www.mediafire.com
access-control-allow-credentials: true
POST

https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1

msedge.exe

Remote address:

18.195.54.126:443

Request

POST /universal/v1?supply_id=WYu2BXv1 HTTP/2.0
host: btlr.sharethrough.com
content-length: 1303
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain
accept: */*
origin: https://www.mediafire.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 204

date: Fri, 19 Jul 2024 20:37:38 GMT
access-control-allow-origin: https://www.mediafire.com
access-control-allow-credentials: true
POST

https://tlx.3lift.com/header/auction?lib=prebid&v=8.10.0&referrer=https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fvehz5gm393ydtoz%2Fnitrogen.zip&tmax=1000

msedge.exe

Remote address:

3.124.64.248:443

Request

POST /header/auction?lib=prebid&v=8.10.0&referrer=https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fvehz5gm393ydtoz%2Fnitrogen.zip&tmax=1000 HTTP/2.0
host: tlx.3lift.com
content-length: 2906
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain
accept: */*
origin: https://www.mediafire.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: application/json; charset=utf-8
cache-control: no-cache, no-store, must-revalidate
expires: Thu, 15 Oct 1992 20:10:00 GMT
pragma: no-cache
x-xss-protection: 0
access-control-allow-origin: https://www.mediafire.com
access-control-allow-credentials: true
x-auction-status: 29
x-auction-status: 29
vary: Accept-Encoding
content-encoding: gzip
DNS

tags.crwdcntrl.net

msedge.exe

Remote address:

8.8.8.8:53

Request

tags.crwdcntrl.net

IN A

Response

tags.crwdcntrl.net

IN A

18.245.143.83

tags.crwdcntrl.net

IN A

18.245.143.100

tags.crwdcntrl.net

IN A

18.245.143.118

tags.crwdcntrl.net

IN A

18.245.143.58
DNS

ad.crwdcntrl.net

msedge.exe

Remote address:

8.8.8.8:53

Request

ad.crwdcntrl.net

IN A

Response

ad.crwdcntrl.net

IN A

54.194.127.62

ad.crwdcntrl.net

IN A

52.30.227.82

ad.crwdcntrl.net

IN A

52.214.212.45

ad.crwdcntrl.net

IN A

99.80.240.203

ad.crwdcntrl.net

IN A

54.217.140.248

ad.crwdcntrl.net

IN A

54.77.210.40

ad.crwdcntrl.net

IN A

54.195.184.161

ad.crwdcntrl.net

IN A

52.31.166.146
DNS

bcp.crwdcntrl.net

msedge.exe

Remote address:

8.8.8.8:53

Request

bcp.crwdcntrl.net

IN A

Response

bcp.crwdcntrl.net

IN A

52.31.166.146

bcp.crwdcntrl.net

IN A

54.217.140.248

bcp.crwdcntrl.net

IN A

54.195.184.161

bcp.crwdcntrl.net

IN A

54.194.127.62

bcp.crwdcntrl.net

IN A

99.80.240.203

bcp.crwdcntrl.net

IN A

54.77.210.40

bcp.crwdcntrl.net

IN A

52.30.227.82

bcp.crwdcntrl.net

IN A

18.202.12.177
GET

https://ad.crwdcntrl.net/5/c=3722/pe=y/callback=g367CB268B1094004A3689751E7AC568F.Lotame.CallExtractionAPICallback?52378525

msedge.exe

Remote address:

54.194.127.62:443

Request

GET /5/c=3722/pe=y/callback=g367CB268B1094004A3689751E7AC568F.Lotame.CallExtractionAPICallback?52378525 HTTP/2.0
host: ad.crwdcntrl.net
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 404

date: Fri, 19 Jul 2024 20:37:38 GMT
content-type: application/javascript;charset=utf-8
content-length: 146
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
cache-control: no-cache
pragma: no-cache
expires: 0
x-server: 10.45.16.137
access-control-allow-origin: *
server: Jetty(9.4.38.v20210224)
GET

https://bcp.crwdcntrl.net/map/c=3722/tp=ADSP/tpid=1eaffeddd7fd430e99d3f317f95ae1c0

msedge.exe

Remote address:

52.31.166.146:443

Request

GET /map/c=3722/tp=ADSP/tpid=1eaffeddd7fd430e99d3f317f95ae1c0 HTTP/2.0
host: bcp.crwdcntrl.net
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 404

date: Fri, 19 Jul 2024 20:37:38 GMT
content-type: image/gif
content-length: 49
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
cache-control: no-cache
pragma: no-cache
expires: 0
x-server: 10.45.7.137
access-control-allow-origin: *
server: Jetty(9.4.38.v20210224)
POST

https://bcp.crwdcntrl.net/6/map

msedge.exe

Remote address:

52.31.166.146:443

Request

POST /6/map HTTP/2.0
host: bcp.crwdcntrl.net
content-length: 655
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://www.mediafire.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Fri, 19 Jul 2024 20:37:41 GMT
content-type: application/json;charset=utf-8
content-length: 156
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
cache-control: no-cache
pragma: no-cache
expires: 0
x-server: 10.45.3.79
set-cookie: _cc_dc=1;Path=/;Domain=crwdcntrl.net;Expires=Tue, 15-Apr-2025 20:04:00 GMT;SameSite=None;Secure
set-cookie: _cc_id=8a836164086ce8786b19a1d60ff9f4c6;Path=/;Domain=crwdcntrl.net;Expires=Tue, 15-Apr-2025 20:04:00 GMT;SameSite=None;Secure
access-control-allow-credentials: true
access-control-allow-origin: https://www.mediafire.com
server: Jetty(9.4.38.v20210224)
DNS

32.42.21.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

32.42.21.104.in-addr.arpa

IN PTR

Response
DNS

60.41.67.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

60.41.67.172.in-addr.arpa

IN PTR

Response
DNS

106.63.21.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

106.63.21.104.in-addr.arpa

IN PTR

Response
DNS

186.199.67.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

186.199.67.172.in-addr.arpa

IN PTR

Response
DNS

110.52.16.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

110.52.16.104.in-addr.arpa

IN PTR

Response
DNS

194.23.211.130.in-addr.arpa

Remote address:

8.8.8.8:53

Request

194.23.211.130.in-addr.arpa

IN PTR

Response

194.23.211.130.in-addr.arpa

IN PTR

19423211130bcgoogleusercontentcom
DNS

70.179.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

70.179.250.142.in-addr.arpa

IN PTR

Response

70.179.250.142.in-addr.arpa

IN PTR

par21s19-in-f61e100net
DNS

70.2.26.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

70.2.26.104.in-addr.arpa

IN PTR

Response
DNS

223.187.37.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

223.187.37.13.in-addr.arpa

IN PTR

Response

223.187.37.13.in-addr.arpa

IN PTR

ec2-13-37-187-223 eu-west-3compute amazonawscom
GET

https://tags.crwdcntrl.net/c/4545/cc_af.js

msedge.exe

Remote address:

18.245.143.83:443

Request

GET /c/4545/cc_af.js HTTP/2.0
host: tags.crwdcntrl.net
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 403

content-type: application/xml
date: Fri, 19 Jul 2024 20:37:37 GMT
server: AmazonS3
x-cache: Error from cloudfront
via: 1.1 718d744faad6ff02c7a7ca517a01865a.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR5-P1
x-amz-cf-id: p0vNqGXH5pZQ-rrDr4hEFax_NhdwilgUJIOrD_9DwnV_m-z-AWk44g==
cache-control: public, max-age=86400
GET

https://tags.crwdcntrl.net/lt/c/16589/sync.min.js

msedge.exe

Remote address:

18.245.143.83:443

Request

GET /lt/c/16589/sync.min.js HTTP/2.0
host: tags.crwdcntrl.net
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: text/javascript
last-modified: Tue, 09 Jul 2024 18:17:59 GMT
x-amz-server-side-encryption: AES256
server: AmazonS3
content-encoding: gzip
date: Fri, 19 Jul 2024 00:40:15 GMT
cache-control: public, max-age=86400
etag: W/"aec3aba6ab802c8f463ab64a2ec8a62a"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 718d744faad6ff02c7a7ca517a01865a.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR5-P1
x-amz-cf-id: mVaNOWTWgncDdab_OCQlKjOVP2RLhCs88eSN2XYiLWjp24_wcUo8EA==
age: 71846
DNS

78.73.67.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

78.73.67.172.in-addr.arpa

IN PTR

Response
DNS

162.201.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

162.201.250.142.in-addr.arpa

IN PTR

Response

162.201.250.142.in-addr.arpa

IN PTR

par21s23-in-f21e100net
DNS

79.87.21.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

79.87.21.104.in-addr.arpa

IN PTR

Response
DNS

77.190.64.185.in-addr.arpa

Remote address:

8.8.8.8:53

Request

77.190.64.185.in-addr.arpa

IN PTR

Response
DNS

153.63.120.34.in-addr.arpa

Remote address:

8.8.8.8:53

Request

153.63.120.34.in-addr.arpa

IN PTR

Response

153.63.120.34.in-addr.arpa

IN PTR

1536312034bcgoogleusercontentcom
DNS

126.54.195.18.in-addr.arpa

Remote address:

8.8.8.8:53

Request

126.54.195.18.in-addr.arpa

IN PTR

Response

126.54.195.18.in-addr.arpa

IN PTR

ec2-18-195-54-126eu-central-1compute amazonawscom
DNS

248.64.124.3.in-addr.arpa

Remote address:

8.8.8.8:53

Request

248.64.124.3.in-addr.arpa

IN PTR

Response

248.64.124.3.in-addr.arpa

IN PTR

ec2-3-124-64-248eu-central-1compute amazonawscom
DNS

fundingchoicesmessages.google.com

msedge.exe

Remote address:

8.8.8.8:53

Request

fundingchoicesmessages.google.com

IN A

Response

fundingchoicesmessages.google.com

IN CNAME

www3.l.google.com

www3.l.google.com

IN A

142.250.178.142
DNS

fundingchoicesmessages.google.com

msedge.exe

Remote address:

8.8.8.8:53

Request

fundingchoicesmessages.google.com

IN A

Response

fundingchoicesmessages.google.com

IN CNAME

www3.l.google.com

www3.l.google.com

IN A

142.250.178.142
DNS

83.143.245.18.in-addr.arpa

Remote address:

8.8.8.8:53

Request

83.143.245.18.in-addr.arpa

IN PTR

Response

83.143.245.18.in-addr.arpa

IN PTR

server-18-245-143-83lhr5r cloudfrontnet
DNS

62.127.194.54.in-addr.arpa

Remote address:

8.8.8.8:53

Request

62.127.194.54.in-addr.arpa

IN PTR

Response

62.127.194.54.in-addr.arpa

IN PTR

ec2-54-194-127-62 eu-west-1compute amazonawscom
DNS

146.166.31.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

146.166.31.52.in-addr.arpa

IN PTR

Response

146.166.31.52.in-addr.arpa

IN PTR

ec2-52-31-166-146 eu-west-1compute amazonawscom
GET

https://g.ezoic.net/cmp/log.gif?dId=484470&dcId=106&version=9&buttonId=2&consentV2=CQCAL0AQCAL0AErAJJENA9EsAP_gAEPgACiQKVtV_G__bWlr8X73aftkeY1P9_h77sQxBhfJE-4FzLvW_JwXx2ExNA36tqIKmRIAu3bBIQNlHJDUTVCgaogVryDMak2coTNKJ6BkiFMRO2dYCF5vmwtj-QKY5vr993dx2B-t_dr83dzyz4VHn3a5_2a0WJCdA5-tDfv9bROb-9IOd_58v4v8_F_rE2_eT1l_tevp7D9-cts79XW-9_fff79Ln_-mB_-CkoBZhoVEAZZEhIQaBhBAgBUFYQEUCAAAAEgaICAEwYFOwMAl1hIgBACgAGCAEAAKMgAQAACQAIRABAAUCAACAQKAAMACAYCABgYAAwAWAgEAAIDoEKYEECgWACRmREKYEIQCQQEtlQgkAQIK4QhFngQQCImCgAABIAKwABAWCwOJJASsSCBLiDaAAAgAQCCACoRSdmAIIAzZaq8WTaMrSAtHzBe9pgAA.YAAAAAAAAAAA

msedge.exe

Remote address:

13.37.187.223:443

Request

GET /cmp/log.gif?dId=484470&dcId=106&version=9&buttonId=2&consentV2=CQCAL0AQCAL0AErAJJENA9EsAP_gAEPgACiQKVtV_G__bWlr8X73aftkeY1P9_h77sQxBhfJE-4FzLvW_JwXx2ExNA36tqIKmRIAu3bBIQNlHJDUTVCgaogVryDMak2coTNKJ6BkiFMRO2dYCF5vmwtj-QKY5vr993dx2B-t_dr83dzyz4VHn3a5_2a0WJCdA5-tDfv9bROb-9IOd_58v4v8_F_rE2_eT1l_tevp7D9-cts79XW-9_fff79Ln_-mB_-CkoBZhoVEAZZEhIQaBhBAgBUFYQEUCAAAAEgaICAEwYFOwMAl1hIgBACgAGCAEAAKMgAQAACQAIRABAAUCAACAQKAAMACAYCABgYAAwAWAgEAAIDoEKYEECgWACRmREKYEIQCQQEtlQgkAQIK4QhFngQQCImCgAABIAKwABAWCwOJJASsSCBLiDaAAAgAQCCACoRSdmAIIAzZaq8WTaMrSAtHzBe9pgAA.YAAAAAAAAAAA HTTP/2.0
host: g.ezoic.net
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: https://www.mediafire.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

access-control-allow-credentials: true
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, POST, PUT, OPTIONS
access-control-allow-origin: https://www.mediafire.com
access-control-max-age: 1728000
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
content-type: image/gif
date: Fri, 19 Jul 2024 20:37:41 GMT
expires: Thu, 18 Jul 2024 20:37:41 GMT
vary: Accept-Encoding,Origin,Access-Control-Request-Method,Access-Control-Request-Headers
x-middleton-display: cmp_sol
content-length: 43
DNS

5926966a686f9e17c15e1d3596a8ea65.safeframe.googlesyndication.com

msedge.exe

Remote address:

8.8.8.8:53

Request

5926966a686f9e17c15e1d3596a8ea65.safeframe.googlesyndication.com

IN A

Response

5926966a686f9e17c15e1d3596a8ea65.safeframe.googlesyndication.com

IN CNAME

pagead-googlehosted.l.google.com

pagead-googlehosted.l.google.com

IN A

216.58.214.65
DNS

cdn.jsdelivr.net

msedge.exe

Remote address:

8.8.8.8:53

Request

cdn.jsdelivr.net

IN A

Response

cdn.jsdelivr.net

IN CNAME

jsdelivr.map.fastly.net

jsdelivr.map.fastly.net

IN A

151.101.193.229

jsdelivr.map.fastly.net

IN A

151.101.1.229

jsdelivr.map.fastly.net

IN A

151.101.129.229

jsdelivr.map.fastly.net

IN A

151.101.65.229
DNS

cdn.prod.uidapi.com

msedge.exe

Remote address:

8.8.8.8:53

Request

cdn.prod.uidapi.com

IN A

Response

cdn.prod.uidapi.com

IN CNAME

d2avimlm6gq3h9.cloudfront.net

d2avimlm6gq3h9.cloudfront.net

IN A

18.245.255.11
DNS

static.criteo.net

msedge.exe

Remote address:

8.8.8.8:53

Request

static.criteo.net

IN A

Response

static.criteo.net

IN CNAME

static.nl3.vip.prod.criteo.net

static.nl3.vip.prod.criteo.net

IN A

178.250.1.3
DNS

oa.openxcdn.net

msedge.exe

Remote address:

8.8.8.8:53

Request

oa.openxcdn.net

IN A

Response

oa.openxcdn.net

IN A

34.102.146.192
DNS

cdn.id5-sync.com

msedge.exe

Remote address:

8.8.8.8:53

Request

cdn.id5-sync.com

IN A

Response

cdn.id5-sync.com

IN A

104.22.53.86

cdn.id5-sync.com

IN A

104.22.52.86

cdn.id5-sync.com

IN A

172.67.38.106
DNS

cdn-ima.33across.com

msedge.exe

Remote address:

8.8.8.8:53

Request

cdn-ima.33across.com

IN A

Response

cdn-ima.33across.com

IN CNAME

cdn-ima.33across.com.cdn.cloudflare.net

cdn-ima.33across.com.cdn.cloudflare.net

IN A

104.18.35.167

cdn-ima.33across.com.cdn.cloudflare.net

IN A

172.64.152.89
DNS

invstatic101.creativecdn.com

msedge.exe

Remote address:

8.8.8.8:53

Request

invstatic101.creativecdn.com

IN A

Response

invstatic101.creativecdn.com

IN A

34.96.70.87
GET

https://5926966a686f9e17c15e1d3596a8ea65.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

msedge.exe

Remote address:

216.58.214.65:443

Request

GET /safeframe/1-0-40/html/container.html HTTP/2.0
host: 5926966a686f9e17c15e1d3596a8ea65.safeframe.googlesyndication.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://cdn.jsdelivr.net/gh/prebid/shared-id/pubcid.js/docs/pubcid.min.js

msedge.exe

Remote address:

151.101.193.229:443

Request

GET /gh/prebid/shared-id/pubcid.js/docs/pubcid.min.js HTTP/2.0
host: cdn.jsdelivr.net
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: master
x-jsd-version-type: branch
etag: W/"2dc-IrZxm/sP4aqtIfs1EfEw6Dg5q1Y"
content-encoding: br
accept-ranges: bytes
date: Fri, 19 Jul 2024 20:37:41 GMT
age: 34472
x-served-by: cache-fra-eddf8230042-FRA, cache-lon420105-LON
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 439
GET

https://static.criteo.net/js/ld/publishertag.ids.js

msedge.exe

Remote address:

178.250.1.3:443

Request

GET /js/ld/publishertag.ids.js HTTP/2.0
host: static.criteo.net
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Fri, 19 Jul 2024 20:37:41 GMT
content-type: text/javascript
last-modified: Thu, 11 Jul 2024 14:14:53 GMT
etag: W/"668fe8dd-a6cc"
expires: Sat, 20 Jul 2024 20:37:41 GMT
cache-control: max-age=86400
cross-origin-resource-policy: cross-origin
cache-control: public
timing-allow-origin: *
access-control-allow-origin: *
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
GET

https://oa.openxcdn.net/esp.js

msedge.exe

Remote address:

34.102.146.192:443

Request

GET /esp.js HTTP/2.0
host: oa.openxcdn.net
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://cdn-ima.33across.com/ob.js

msedge.exe

Remote address:

104.18.35.167:443

Request

GET /ob.js HTTP/2.0
host: cdn-ima.33across.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Fri, 19 Jul 2024 20:37:41 GMT
content-type: application/javascript
last-modified: Mon, 08 Jul 2024 21:09:41 GMT
vary: Accept-Encoding
etag: W/"668c5595-4429"
expires: Mon, 22 Jul 2024 20:37:41 GMT
cache-control: public, max-age=259200
content-encoding: gzip
cf-cache-status: HIT
age: 290293
server: cloudflare
cf-ray: 8a5d82c3fa66368d-LHR
GET

https://invstatic101.creativecdn.com/encrypted-signals/encrypted-tag-g.js

msedge.exe

Remote address:

34.96.70.87:443

Request

GET /encrypted-signals/encrypted-tag-g.js HTTP/2.0
host: invstatic101.creativecdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://cdn.prod.uidapi.com/uid2SecureSignal.js

msedge.exe

Remote address:

18.245.255.11:443

Request

GET /uid2SecureSignal.js HTTP/1.1
Host: cdn.prod.uidapi.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: */*
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: script
Referer: https://www.mediafire.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Type: text/javascript
Content-Length: 2776
Connection: keep-alive
x-amz-replication-status: COMPLETED
Last-Modified: Thu, 19 Oct 2023 06:40:11 GMT
x-amz-server-side-encryption: AES256
x-amz-version-id: KP_OVZMS6roEW_XJdOd.KnSEmM8GWiP3
Accept-Ranges: bytes
Server: AmazonS3
Date: Fri, 19 Jul 2024 06:48:46 GMT
ETag: "a3a9a9ee8e72db69d54e805f0586c651"
X-Cache: Hit from cloudfront
Via: 1.1 d683afd94013f32d974236fc8b93f792.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR5-P5
X-Amz-Cf-Id: gv-7PWNkudCZ7kA0Yig-CMAR30zOw6DtIfg3tnlff68hht2syGzItg==
Age: 49736
GET

https://cdn.id5-sync.com/api/1.0/esp.js

msedge.exe

Remote address:

104.22.53.86:443

Request

GET /api/1.0/esp.js HTTP/2.0
host: cdn.id5-sync.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Fri, 19 Jul 2024 20:37:41 GMT
content-type: text/javascript;charset=utf-8
x-amz-id-2: lLomqU65f3jzNgE2sV1SrbzZmUvd0XBODgzAOZ1jy8srQpoS3en9561iiXPQqIYFlP7AHtZDtYY=
x-amz-request-id: QRPXMQM6V5X1Q424
last-modified: Wed, 19 Jun 2024 08:15:00 GMT
etag: W/"3d8396f35fd4c6387c69fe6503afbacd"
x-amz-server-side-encryption: AES256
cache-control: public, max-age=3600
cf-cache-status: HIT
age: 20
expires: Fri, 19 Jul 2024 21:37:41 GMT
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains; preload
server: cloudflare
cf-ray: 8a5d82c4a8873696-LHR
content-encoding: br
DNS

apps.identrust.com

msedge.exe

Remote address:

8.8.8.8:53

Request

apps.identrust.com

IN A

Response

apps.identrust.com

IN CNAME

identrust.edgesuite.net

identrust.edgesuite.net

IN CNAME

a1952.dscq.akamai.net

a1952.dscq.akamai.net

IN A

88.221.134.137

a1952.dscq.akamai.net

IN A

88.221.135.104
DNS

oajs.openx.net

msedge.exe

Remote address:

8.8.8.8:53

Request

oajs.openx.net

IN A

Response

oajs.openx.net

IN A

34.120.135.53

oajs.openx.net

IN A

34.120.107.143
GET

http://apps.identrust.com/roots/dstrootcax3.p7c

msedge.exe

Remote address:

88.221.134.137:80

Request

GET /roots/dstrootcax3.p7c HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: apps.identrust.com

Response

HTTP/1.1 200 OK

X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-Robots-Tag: noindex
Referrer-Policy: same-origin
Last-Modified: Fri, 13 Oct 2023 16:28:31 GMT
ETag: "37d-6079b8c0929c0"
Accept-Ranges: bytes
Content-Length: 893
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
Content-Type: application/pkcs7-mime
Cache-Control: max-age=3600
Expires: Fri, 19 Jul 2024 21:37:41 GMT
Date: Fri, 19 Jul 2024 20:37:41 GMT
Connection: keep-alive
GET

https://oajs.openx.net/esp?url=https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fvehz5gm393ydtoz%2Fnitrogen.zip&rid=esp

msedge.exe

Remote address:

34.120.135.53:443

Request

GET /esp?url=https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fvehz5gm393ydtoz%2Fnitrogen.zip&rid=esp HTTP/2.0
host: oajs.openx.net
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: https://www.mediafire.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

tpc.googlesyndication.com

msedge.exe

Remote address:

8.8.8.8:53

Request

tpc.googlesyndication.com

IN A

Response

tpc.googlesyndication.com

IN A

216.58.214.161
GET

https://tpc.googlesyndication.com/sodar/sodar2.js

msedge.exe

Remote address:

216.58.214.161:443

Request

GET /sodar/sodar2.js HTTP/2.0
host: tpc.googlesyndication.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

id5-sync.com

msedge.exe

Remote address:

8.8.8.8:53

Request

id5-sync.com

IN A

Response

id5-sync.com

IN A

162.19.138.119

id5-sync.com

IN A

162.19.138.82

id5-sync.com

IN A

162.19.138.117

id5-sync.com

IN A

141.95.98.64

id5-sync.com

IN A

162.19.138.116

id5-sync.com

IN A

162.19.138.120

id5-sync.com

IN A

162.19.138.118

id5-sync.com

IN A

141.95.98.65

id5-sync.com

IN A

141.95.33.120

id5-sync.com

IN A

162.19.138.83
GET

https://id5-sync.com/api/esp/increment?counter=no-config

msedge.exe

Remote address:

162.19.138.119:443

Request

GET /api/esp/increment?counter=no-config HTTP/2.0
host: id5-sync.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain
accept: */*
origin: https://www.mediafire.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 204

vary: Origin
vary: Access-Control-Request-Method
vary: Access-Control-Request-Headers
access-control-allow-origin: https://www.mediafire.com
vary: Origin
access-control-allow-credentials: true
date: Fri, 19 Jul 2024 20:37:41 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
DNS

13.86.106.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

13.86.106.20.in-addr.arpa

IN PTR

Response
DNS

65.214.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

65.214.58.216.in-addr.arpa

IN PTR

Response

65.214.58.216.in-addr.arpa

IN PTR

fra15s10-in-f11e100net

65.214.58.216.in-addr.arpa

IN PTR

fra15s10-in-f65�G

65.214.58.216.in-addr.arpa

IN PTR

par10s39-in-f1�G
DNS

229.193.101.151.in-addr.arpa

Remote address:

8.8.8.8:53

Request

229.193.101.151.in-addr.arpa

IN PTR

Response
DNS

167.35.18.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

167.35.18.104.in-addr.arpa

IN PTR

Response
DNS

87.70.96.34.in-addr.arpa

Remote address:

8.8.8.8:53

Request

87.70.96.34.in-addr.arpa

IN PTR

Response

87.70.96.34.in-addr.arpa

IN PTR

87709634bcgoogleusercontentcom
DNS

192.146.102.34.in-addr.arpa

Remote address:

8.8.8.8:53

Request

192.146.102.34.in-addr.arpa

IN PTR

Response

192.146.102.34.in-addr.arpa

IN PTR

19214610234bcgoogleusercontentcom
DNS

130.178.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

130.178.250.142.in-addr.arpa

IN PTR

Response

130.178.250.142.in-addr.arpa

IN PTR

par21s22-in-f21e100net
DNS

11.255.245.18.in-addr.arpa

Remote address:

8.8.8.8:53

Request

11.255.245.18.in-addr.arpa

IN PTR

Response

11.255.245.18.in-addr.arpa

IN PTR

server-18-245-255-11lhr5r cloudfrontnet
DNS

3.1.250.178.in-addr.arpa

Remote address:

8.8.8.8:53

Request

3.1.250.178.in-addr.arpa

IN PTR

Response
DNS

86.53.22.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

86.53.22.104.in-addr.arpa

IN PTR

Response
DNS

226.21.18.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

226.21.18.104.in-addr.arpa

IN PTR

Response
DNS

137.134.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

137.134.221.88.in-addr.arpa

IN PTR

Response

137.134.221.88.in-addr.arpa

IN PTR

a88-221-134-137deploystaticakamaitechnologiescom
DNS

53.135.120.34.in-addr.arpa

Remote address:

8.8.8.8:53

Request

53.135.120.34.in-addr.arpa

IN PTR

Response

53.135.120.34.in-addr.arpa

IN PTR

5313512034bcgoogleusercontentcom
DNS

161.214.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

161.214.58.216.in-addr.arpa

IN PTR

Response

161.214.58.216.in-addr.arpa

IN PTR

mad01s26-in-f11e100net

161.214.58.216.in-addr.arpa

IN PTR

par10s42-in-f1�H

161.214.58.216.in-addr.arpa

IN PTR

mad01s26-in-f161�H
DNS

119.138.19.162.in-addr.arpa

Remote address:

8.8.8.8:53

Request

119.138.19.162.in-addr.arpa

IN PTR

Response

119.138.19.162.in-addr.arpa

IN PTR

ns31533570 ip-162-19-138eu
DNS

google-bidout-d.openx.net

msedge.exe

Remote address:

8.8.8.8:53

Request

google-bidout-d.openx.net

IN A

Response

google-bidout-d.openx.net

IN A

35.244.159.8

google-bidout-d.openx.net

IN A

34.98.64.218
GET

https://google-bidout-d.openx.net/w/1.0/pd?plm=5

msedge.exe

Remote address:

35.244.159.8:443

Request

GET /w/1.0/pd?plm=5 HTTP/2.0
host: google-bidout-d.openx.net
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

ads.pubmatic.com

msedge.exe

Remote address:

8.8.8.8:53

Request

ads.pubmatic.com

IN A

Response

ads.pubmatic.com

IN CNAME

pubmatic.edgekey.net

pubmatic.edgekey.net

IN CNAME

e6603.g.akamaiedge.net

e6603.g.akamaiedge.net

IN A

2.18.108.192
DNS

contextual.media.net

msedge.exe

Remote address:

8.8.8.8:53

Request

contextual.media.net

IN A

Response

contextual.media.net

IN A

95.100.244.20
DNS

eb2.3lift.com

msedge.exe

Remote address:

8.8.8.8:53

Request

eb2.3lift.com

IN A

Response

eb2.3lift.com

IN CNAME

eu-eb2.3lift.com

eu-eb2.3lift.com

IN A

76.223.111.18

eu-eb2.3lift.com

IN A

13.248.245.213
DNS

eb2.3lift.com

msedge.exe

Remote address:

8.8.8.8:53

Request

eb2.3lift.com

IN A

Response

eb2.3lift.com

IN CNAME

eu-eb2.3lift.com

eu-eb2.3lift.com

IN A

76.223.111.18

eu-eb2.3lift.com

IN A

13.248.245.213
GET

https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158936

msedge.exe

Remote address:

2.18.108.192:443

Request

GET /AdServer/js/user_sync.html?kdntuid=1&p=158936 HTTP/2.0
host: ads.pubmatic.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: Apache
last-modified: Wed, 05 Jun 2024 06:37:38 GMT
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 5492
content-type: text/html
cache-control: max-age=69520
expires: Sat, 20 Jul 2024 15:56:21 GMT
date: Fri, 19 Jul 2024 20:37:41 GMT
vary: Accept-Encoding
GET

https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUO2689O&prvid=2034%2C2033%2C2030%2C3020%2C294%2C251%2C233%2C2027%2C237%2C359%2C338%2C459%2C97%2C55%2C77%2C3012%2C3011%2C182%2C262%2C461%2C201%2C246%2C4%2C203%2C10000%2C108%2C9&itype=PREBID&purpose1=1&gdprconsent=0&gdpr=1&coppa=0&usp_status=0&usp_consent=1

msedge.exe

Remote address:

95.100.244.20:443

Request

GET /checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUO2689O&prvid=2034%2C2033%2C2030%2C3020%2C294%2C251%2C233%2C2027%2C237%2C359%2C338%2C459%2C97%2C55%2C77%2C3012%2C3011%2C182%2C262%2C461%2C201%2C246%2C4%2C203%2C10000%2C108%2C9&itype=PREBID&purpose1=1&gdprconsent=0&gdpr=1&coppa=0&usp_status=0&usp_consent=1 HTTP/2.0
host: contextual.media.net
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: Apache
content-type: text/html; charset=UTF-8
x-mnet-hl2: E
strict-transport-security: max-age=31536000
alt-svc: h3=":443"; ma=93600
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=172800
expires: Sun, 21 Jul 2024 20:37:41 GMT
date: Fri, 19 Jul 2024 20:37:41 GMT
content-length: 8338
GET

https://eb2.3lift.com/sync?

msedge.exe

Remote address:

76.223.111.18:443

Request

GET /sync? HTTP/2.0
host: eb2.3lift.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Fri, 19 Jul 2024 20:37:41 GMT
content-type: image/gif
content-length: 37
cache-control: no-cache, no-store, must-revalidate
DNS

cdn.ampproject.org

msedge.exe

Remote address:

8.8.8.8:53

Request

cdn.ampproject.org

IN A

Response

cdn.ampproject.org

IN CNAME

cdn-content.ampproject.org

cdn-content.ampproject.org

IN A

142.250.179.65
GET

https://cdn.ampproject.org/rtv/012406241625000/amp4ads-v0.js

msedge.exe

Remote address:

142.250.179.65:443

Request

GET /rtv/012406241625000/amp4ads-v0.js HTTP/2.0
host: cdn.ampproject.org
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://cdn.ampproject.org/rtv/012406241625000/v0/amp-ad-exit-0.1.js

msedge.exe

Remote address:

142.250.179.65:443

Request

GET /rtv/012406241625000/v0/amp-ad-exit-0.1.js HTTP/2.0
host: cdn.ampproject.org
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://cdn.ampproject.org/rtv/012406241625000/v0/amp-analytics-0.1.js

msedge.exe

Remote address:

142.250.179.65:443

Request

GET /rtv/012406241625000/v0/amp-analytics-0.1.js HTTP/2.0
host: cdn.ampproject.org
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://cdn.ampproject.org/rtv/012406241625000/v0/amp-fit-text-0.1.js

msedge.exe

Remote address:

142.250.179.65:443

Request

GET /rtv/012406241625000/v0/amp-fit-text-0.1.js HTTP/2.0
host: cdn.ampproject.org
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://cdn.ampproject.org/rtv/012406241625000/v0/amp-form-0.1.js

msedge.exe

Remote address:

142.250.179.65:443

Request

GET /rtv/012406241625000/v0/amp-form-0.1.js HTTP/2.0
host: cdn.ampproject.org
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

download2271.mediafire.com

msedge.exe

Remote address:

8.8.8.8:53

Request

download2271.mediafire.com

IN A

Response

download2271.mediafire.com

IN A

199.91.155.12
GET

https://download2271.mediafire.com/qt1saempjjygOqHSopofaNsn0RZXf4F09MSrhXMkwXol22bTUrrnOlH3QfsYy5o0SJ9728kAeTsx8aQjOfyShZB3SoWGs_zZ2hN5kLBTAWqR3HLf1BgtVPDpsdYTwyf-lrKYDoV3vqamrlls2vJAQH_GS68LXEeyp-2NkrDZ5cI/vehz5gm393ydtoz/nitrogen.zip

msedge.exe

Remote address:

199.91.155.12:443

Request

GET /qt1saempjjygOqHSopofaNsn0RZXf4F09MSrhXMkwXol22bTUrrnOlH3QfsYy5o0SJ9728kAeTsx8aQjOfyShZB3SoWGs_zZ2hN5kLBTAWqR3HLf1BgtVPDpsdYTwyf-lrKYDoV3vqamrlls2vJAQH_GS68LXEeyp-2NkrDZ5cI/vehz5gm393ydtoz/nitrogen.zip HTTP/1.1
Host: download2271.mediafire.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
Upgrade-Insecure-Requests: 1
DNT: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: document
Referer: https://www.mediafire.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: ukey=zw9q7d8nbn2f9b5tvckzk3gimo1fruj3; dr_vehz5gm393ydtoz=1; __cf_bm=mmv0rjuqB6qiJsj6ItaIvkSGemeJTQLCLKawH2K_t2U-1721421448-1.0.1.1-xu4KePR.o8wiuj4PPjT7NlGWZpaC3ZPx2a_gaxQTfZnvnx81Y6Lx3qD1POlYAj_CnfkpJX73l5AzV3JwE0Ig.w; _gid=GA1.2.258467451.1721421450; _gat_gtag_UA_829541_1=1; cf_clearance=QQZvdKHpkhnbmqYC7EAJU_Fi73FM85BT8VQ_hQYqUeE-1721421451-1.0.1.1-1mrhUKfh2q0uszTksYplgdI8EMwz.ZO5GX5ahfGKpd85niH_04rNmwzRHHA98x9mag2GxmoUWre9OcWLxQQm3A; conv_tracking_data-2=%7B%22mf_source%22%3A%22regular_download-59%22%2C%22mf_content%22%3A%22Free%22%2C%22mf_medium%22%3A%22windows%5C%2FEdge%22%2C%22mf_campaign%22%3A%22vehz5gm393ydtoz%22%2C%22mf_term%22%3A%2246e963f0b3db8b86ea14a82ad50a6e0b%22%7D; amp_28916b=IRYoKQ3-89ZhgQCqJF2M9U...1i36bdi0l.1i36bdpp0.0.2.2; ezoab_484470=mod1-c; ezoadgid_484470=-1; ezovuuidtime_484470=1721421458; ezovuuid_484470=7ed64333-bb55-480f-4edb-e9e6a54db74e; ezoref_484470=; active_template::484470=orig_site.1721421458; ezopvc_484470=1; lp_484470=https://www.mediafire.com/file/vehz5gm393ydtoz/nitrogen.zip; ezosuibasgeneris-1=91b3a151-5aa5-4ae3-4dc6-4814d316d404; _ga=GA1.1.1100413091.1721421450; ez-consent-tcf=CQCAL0AQCAL0AErAJJENA9EsAP_gAEPgACiQKVtV_G__bWlr8X73aftkeY1P9_h77sQxBhfJE-4FzLvW_JwXx2ExNA36tqIKmRIAu3bBIQNlHJDUTVCgaogVryDMak2coTNKJ6BkiFMRO2dYCF5vmwtj-QKY5vr993dx2B-t_dr83dzyz4VHn3a5_2a0WJCdA5-tDfv9bROb-9IOd_58v4v8_F_rE2_eT1l_tevp7D9-cts79XW-9_fff79Ln_-mB_-CkoBZhoVEAZZEhIQaBhBAgBUFYQEUCAAAAEgaICAEwYFOwMAl1hIgBACgAGCAEAAKMgAQAACQAIRABAAUCAACAQKAAMACAYCABgYAAwAWAgEAAIDoEKYEECgWACRmREKYEIQCQQEtlQgkAQIK4QhFngQQCImCgAABIAKwABAWCwOJJASsSCBLiDaAAAgAQCCACoRSdmAIIAzZaq8WTaMrSAtHzBe9pgAA.YAAAAAAAAAAA; _cc_id=8a836164086ce8786b19a1d60ff9f4c6; panoramaId_expiry=1721507861015; __gads=ID=b1855556bdd128f2:T=1721421460:RT=1721421460:S=ALNI_MbM_j2r7daXPihzXv-f-mIvwd1wKg; __gpi=UID=00000e9746c66e10:T=1721421460:RT=1721421460:S=ALNI_Maao35CUW9JF_J0mFSaVbqBsIifRA; __eoi=ID=62aa6a3249ea7758:T=1721421460:RT=1721421460:S=AA-AfjZaGTSJTig7pbBwcbk94U49; _ga_K68XP6D85D=GS1.1.1721421449.1.1.1721421461.48.0.0

Response

HTTP/1.1 200 OK

server: bd-0.1.27
content-type: application/zip
accept-ranges: bytes
connection: close
cache-control: no-store
x-robots-tag: noindex, nofollow
content-disposition: attachment; filename="nitrogen.zip"
content-length: 994543
date: Fri, 19 Jul 2024 20:37:42 GMT
DNS

8.159.244.35.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.159.244.35.in-addr.arpa

IN PTR

Response

8.159.244.35.in-addr.arpa

IN PTR

815924435bcgoogleusercontentcom
DNS

192.108.18.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

192.108.18.2.in-addr.arpa

IN PTR

Response

192.108.18.2.in-addr.arpa

IN PTR

a2-18-108-192deploystaticakamaitechnologiescom
DNS

20.244.100.95.in-addr.arpa

Remote address:

8.8.8.8:53

Request

20.244.100.95.in-addr.arpa

IN PTR

Response

20.244.100.95.in-addr.arpa

IN PTR

a95-100-244-20deploystaticakamaitechnologiescom
DNS

18.111.223.76.in-addr.arpa

Remote address:

8.8.8.8:53

Request

18.111.223.76.in-addr.arpa

IN PTR

Response

18.111.223.76.in-addr.arpa

IN PTR

a0f671730127a0812awsglobalacceleratorcom
DNS

65.179.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

65.179.250.142.in-addr.arpa

IN PTR

Response

65.179.250.142.in-addr.arpa

IN PTR

par21s19-in-f11e100net
DNS

gum.criteo.com

msedge.exe

Remote address:

8.8.8.8:53

Request

gum.criteo.com

IN A

Response

gum.criteo.com

IN CNAME

gum.nl3.vip.prod.criteo.com

gum.nl3.vip.prod.criteo.com

IN A

178.250.1.11
GET

https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=www.mediafire.com&gdpr=1&gdpr_consent=CQCAL0AQCAL0AErAJJENA9EsAP_gAEPgACiQKVtV_G__bWlr8X73aftkeY1P9_h77sQxBhfJE-4FzLvW_JwXx2ExNA36tqIKmRIAu3bBIQNlHJDUTVCgaogVryDMak2coTNKJ6BkiFMRO2dYCF5vmwtj-QKY5vr993dx2B-t_dr83dzyz4VHn3a5_2a0WJCdA5-tDfv9bROb-9IOd_58v4v8_F_rE2_eT1l_tevp7D9-cts79XW-9_fff79Ln_-mB_-CkoBZhoVEAZZEhIQaBhBAgBUFYQEUCAAAAEgaICAEwYFOwMAl1hIgBACgAGCAEAAKMgAQAACQAIRABAAUCAACAQKAAMACAYCABgYAAwAWAgEAAIDoEKYEECgWACRmREKYEIQCQQEtlQgkAQIK4QhFngQQCImCgAABIAKwABAWCwOJJASsSCBLiDaAAAgAQCCACoRSdmAIIAzZaq8WTaMrSAtHzBe9pgAA.YAAAAAAAAAAA&gpp=&gpp_sid=-1

msedge.exe

Remote address:

178.250.1.11:443

Request

GET /syncframe?origin=publishertagids&topUrl=www.mediafire.com&gdpr=1&gdpr_consent=CQCAL0AQCAL0AErAJJENA9EsAP_gAEPgACiQKVtV_G__bWlr8X73aftkeY1P9_h77sQxBhfJE-4FzLvW_JwXx2ExNA36tqIKmRIAu3bBIQNlHJDUTVCgaogVryDMak2coTNKJ6BkiFMRO2dYCF5vmwtj-QKY5vr993dx2B-t_dr83dzyz4VHn3a5_2a0WJCdA5-tDfv9bROb-9IOd_58v4v8_F_rE2_eT1l_tevp7D9-cts79XW-9_fff79Ln_-mB_-CkoBZhoVEAZZEhIQaBhBAgBUFYQEUCAAAAEgaICAEwYFOwMAl1hIgBACgAGCAEAAKMgAQAACQAIRABAAUCAACAQKAAMACAYCABgYAAwAWAgEAAIDoEKYEECgWACRmREKYEIQCQQEtlQgkAQIK4QhFngQQCImCgAABIAKwABAWCwOJJASsSCBLiDaAAAgAQCCACoRSdmAIIAzZaq8WTaMrSAtHzBe9pgAA.YAAAAAAAAAAA&gpp=&gpp_sid=-1 HTTP/2.0
host: gum.criteo.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: text/html; charset=utf-8
date: Fri, 19 Jul 2024 20:37:42 GMT
server: Kestrel
cache-control: private, max-age=3600
set-cookie: uid=41aea943-8abe-46a6-85b2-f14b780189d7; expires=Wed, 13 Aug 2025 20:37:42 GMT; domain=.criteo.com; path=/; secure; samesite=none
set-cookie: optout=0; expires=Thu, 01 Jan 1970 00:00:00 GMT; domain=.criteo.com; path=/
x-robots-tag: noindex
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
server-processing-duration-in-ticks: 376097
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
GET

https://gum.criteo.com/sid/json?origin=publishertagids&domain=mediafire.com&sn=EdgeSyncframe&so=0&topUrl=www.mediafire.com&info=8glNAl9uNmRFc0FiMUZGUlYlMkJXMWtSanRlaGdNNE9CQkNvRmJoRndHTm0yVk1VJTJGWDQ3bjNjd1pZQ2w4R1klMkZCY0l5JTJGcUx6TUtOZ0VqT0YyOTZ3MVNYV3lINjJ3JTNEJTNE&idsd=47382644,768820261&cw=1&lsw=1

msedge.exe

Remote address:

178.250.1.11:443

Request

GET /sid/json?origin=publishertagids&domain=mediafire.com&sn=EdgeSyncframe&so=0&topUrl=www.mediafire.com&info=8glNAl9uNmRFc0FiMUZGUlYlMkJXMWtSanRlaGdNNE9CQkNvRmJoRndHTm0yVk1VJTJGWDQ3bjNjd1pZQ2w4R1klMkZCY0l5JTJGcUx6TUtOZ0VqT0YyOTZ3MVNYV3lINjJ3JTNEJTNE&idsd=47382644,768820261&cw=1&lsw=1 HTTP/2.0
host: gum.criteo.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=www.mediafire.com&gdpr=1&gdpr_consent=CQCAL0AQCAL0AErAJJENA9EsAP_gAEPgACiQKVtV_G__bWlr8X73aftkeY1P9_h77sQxBhfJE-4FzLvW_JwXx2ExNA36tqIKmRIAu3bBIQNlHJDUTVCgaogVryDMak2coTNKJ6BkiFMRO2dYCF5vmwtj-QKY5vr993dx2B-t_dr83dzyz4VHn3a5_2a0WJCdA5-tDfv9bROb-9IOd_58v4v8_F_rE2_eT1l_tevp7D9-cts79XW-9_fff79Ln_-mB_-CkoBZhoVEAZZEhIQaBhBAgBUFYQEUCAAAAEgaICAEwYFOwMAl1hIgBACgAGCAEAAKMgAQAACQAIRABAAUCAACAQKAAMACAYCABgYAAwAWAgEAAIDoEKYEECgWACRmREKYEIQCQQEtlQgkAQIK4QhFngQQCImCgAABIAKwABAWCwOJJASsSCBLiDaAAAgAQCCACoRSdmAIIAzZaq8WTaMrSAtHzBe9pgAA.YAAAAAAAAAAA&gpp=&gpp_sid=-1
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: application/json; charset=utf-8
date: Fri, 19 Jul 2024 20:37:43 GMT
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
expires: 0
pragma: no-cache
set-cookie: uid=699786a5-91c1-4370-a307-8c514e1a46c2; expires=Wed, 13 Aug 2025 20:37:43 GMT; domain=.criteo.com; path=/; secure; samesite=none
server-processing-duration-in-ticks: 378132
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
DNS

ag.gbc.criteo.com

msedge.exe

Remote address:

8.8.8.8:53

Request

ag.gbc.criteo.com

IN A

Response

ag.gbc.criteo.com

IN CNAME

gbc4.fr3.eu.criteo.com

gbc4.fr3.eu.criteo.com

IN A

185.235.86.125

gbc4.fr3.eu.criteo.com

IN A

185.235.86.137

gbc4.fr3.eu.criteo.com

IN A

185.235.86.124

gbc4.fr3.eu.criteo.com

IN A

185.235.86.133

gbc4.fr3.eu.criteo.com

IN A

185.235.86.130

gbc4.fr3.eu.criteo.com

IN A

185.235.86.118

gbc4.fr3.eu.criteo.com

IN A

185.235.86.127

gbc4.fr3.eu.criteo.com

IN A

185.235.86.122

gbc4.fr3.eu.criteo.com

IN A

185.235.86.113

gbc4.fr3.eu.criteo.com

IN A

185.235.86.135

gbc4.fr3.eu.criteo.com

IN A

185.235.86.131

gbc4.fr3.eu.criteo.com

IN A

185.235.86.134

gbc4.fr3.eu.criteo.com

IN A

185.235.86.114

gbc4.fr3.eu.criteo.com

IN A

185.235.86.117

gbc4.fr3.eu.criteo.com

IN A

185.235.86.120

gbc4.fr3.eu.criteo.com

IN A

185.235.86.138

gbc4.fr3.eu.criteo.com

IN A

185.235.86.139

gbc4.fr3.eu.criteo.com

IN A

185.235.86.119

gbc4.fr3.eu.criteo.com

IN A

185.235.86.132

gbc4.fr3.eu.criteo.com

IN A

185.235.86.121

gbc4.fr3.eu.criteo.com

IN A

185.235.86.129

gbc4.fr3.eu.criteo.com

IN A

185.235.86.115

gbc4.fr3.eu.criteo.com

IN A

185.235.86.136

gbc4.fr3.eu.criteo.com

IN A

185.235.86.123

gbc4.fr3.eu.criteo.com

IN A

185.235.86.126

gbc4.fr3.eu.criteo.com

IN A

185.235.86.128

gbc4.fr3.eu.criteo.com

IN A

185.235.86.116

gbc4.fr3.eu.criteo.com

IN A

185.235.86.112
DNS

ag.gbc.criteo.com

msedge.exe

Remote address:

8.8.8.8:53

Request

ag.gbc.criteo.com

IN A

Response

ag.gbc.criteo.com

IN CNAME

gbc4.fr3.eu.criteo.com

gbc4.fr3.eu.criteo.com

IN A

185.235.86.131

gbc4.fr3.eu.criteo.com

IN A

185.235.86.125

gbc4.fr3.eu.criteo.com

IN A

185.235.86.124

gbc4.fr3.eu.criteo.com

IN A

185.235.86.128

gbc4.fr3.eu.criteo.com

IN A

185.235.86.120

gbc4.fr3.eu.criteo.com

IN A

185.235.86.136

gbc4.fr3.eu.criteo.com

IN A

185.235.86.132

gbc4.fr3.eu.criteo.com

IN A

185.235.86.134

gbc4.fr3.eu.criteo.com

IN A

185.235.86.135

gbc4.fr3.eu.criteo.com

IN A

185.235.86.116

gbc4.fr3.eu.criteo.com

IN A

185.235.86.139

gbc4.fr3.eu.criteo.com

IN A

185.235.86.115

gbc4.fr3.eu.criteo.com

IN A

185.235.86.129

gbc4.fr3.eu.criteo.com

IN A

185.235.86.121

gbc4.fr3.eu.criteo.com

IN A

185.235.86.112

gbc4.fr3.eu.criteo.com

IN A

185.235.86.137

gbc4.fr3.eu.criteo.com

IN A

185.235.86.119

gbc4.fr3.eu.criteo.com

IN A

185.235.86.114

gbc4.fr3.eu.criteo.com

IN A

185.235.86.133

gbc4.fr3.eu.criteo.com

IN A

185.235.86.126

gbc4.fr3.eu.criteo.com

IN A

185.235.86.117

gbc4.fr3.eu.criteo.com

IN A

185.235.86.130

gbc4.fr3.eu.criteo.com

IN A

185.235.86.113

gbc4.fr3.eu.criteo.com

IN A

185.235.86.127

gbc4.fr3.eu.criteo.com

IN A

185.235.86.118

gbc4.fr3.eu.criteo.com

IN A

185.235.86.122

gbc4.fr3.eu.criteo.com

IN A

185.235.86.138

gbc4.fr3.eu.criteo.com

IN A

185.235.86.123
DNS

dnacdn.net

msedge.exe

Remote address:

8.8.8.8:53

Request

dnacdn.net

IN A

Response

dnacdn.net

IN A

178.250.1.11
DNS

googleads.g.doubleclick.net

msedge.exe

Remote address:

8.8.8.8:53

Request

googleads.g.doubleclick.net

IN A

Response

googleads.g.doubleclick.net

IN A

142.250.201.162
GET

http://otnolatrnup.com/hideref.engine?d=https%3A%2F%2Fworeppercomming.com%2F4fabb44a-878d-4024-bdef-2de07d973f5e%3Fcampaignname%3D2_OperaGX%26placementname%3D2_OperaGX_UK_Win_101%26bid%3D5.75%26totalcpv%3D0.00575%26channel%3DFile%2BHosting%2B%2526%2BSharing%26subchannel%3DFile%2BHosting%2B%2526%2BSharing%26medianame%3DOperaGX_WW_9636%26keywords%3Donline+storage%2Cfree+storage%2Ccloud+storage%2Ccollaboration%2Cbackup+file+sharing%2Cshare+files%2Cphoto+backup%2Cphoto+sharing%2Cftp+replacement%2Ccross+platform%2Cremote+access%2Cmobile+access%2Csend+large+files%2Crecover+files%2Cfile+versioning%2Cundelete%2Cwindows%2Cpc%2Cmac%2Cos+x%2Clinux%2Ciphone%2Conline+storage%2Cfree+storage%2Ccloud+storage%2Ccollaboration%2Cbackup+file+sharing%2Cshare+files%2Cphoto+backup%2Cphoto+sharing%2Cftp+replacement%2Ccross+platform%2Cremote+access%2Cmobile+access%2Csend+large+files%2Crecover+files%2Cfile+versioning%2Cundelete%2Cwindows%2Cpc%2Cmac%2Cos+x%2Clinux%2Ciphone%26sourceid%3D101%26domainid%3D1%26cpv%3D0.00575%26s2sParam%3D56fe7864-39eb-4370-85c5-a83ca0f342e2

msedge.exe

Remote address:

104.16.53.110:80

Request

GET /hideref.engine?d=https%3A%2F%2Fworeppercomming.com%2F4fabb44a-878d-4024-bdef-2de07d973f5e%3Fcampaignname%3D2_OperaGX%26placementname%3D2_OperaGX_UK_Win_101%26bid%3D5.75%26totalcpv%3D0.00575%26channel%3DFile%2BHosting%2B%2526%2BSharing%26subchannel%3DFile%2BHosting%2B%2526%2BSharing%26medianame%3DOperaGX_WW_9636%26keywords%3Donline+storage%2Cfree+storage%2Ccloud+storage%2Ccollaboration%2Cbackup+file+sharing%2Cshare+files%2Cphoto+backup%2Cphoto+sharing%2Cftp+replacement%2Ccross+platform%2Cremote+access%2Cmobile+access%2Csend+large+files%2Crecover+files%2Cfile+versioning%2Cundelete%2Cwindows%2Cpc%2Cmac%2Cos+x%2Clinux%2Ciphone%2Conline+storage%2Cfree+storage%2Ccloud+storage%2Ccollaboration%2Cbackup+file+sharing%2Cshare+files%2Cphoto+backup%2Cphoto+sharing%2Cftp+replacement%2Ccross+platform%2Cremote+access%2Cmobile+access%2Csend+large+files%2Crecover+files%2Cfile+versioning%2Cundelete%2Cwindows%2Cpc%2Cmac%2Cos+x%2Clinux%2Ciphone%26sourceid%3D101%26domainid%3D1%26cpv%3D0.00575%26s2sParam%3D56fe7864-39eb-4370-85c5-a83ca0f342e2 HTTP/1.1
Host: otnolatrnup.com
Connection: keep-alive
Upgrade-Insecure-Requests: 1
DNT: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 302 Found

Date: Fri, 19 Jul 2024 20:37:43 GMT
Content-Length: 0
Connection: keep-alive
Location: https://otnolatrnup.com/hideref.engine?d=https%3A%2F%2Fworeppercomming.com%2F4fabb44a-878d-4024-bdef-2de07d973f5e%3Fcampaignname%3D2_OperaGX%26placementname%3D2_OperaGX_UK_Win_101%26bid%3D5.75%26totalcpv%3D0.00575%26channel%3DFile%2BHosting%2B%2526%2BSharing%26subchannel%3DFile%2BHosting%2B%2526%2BSharing%26medianame%3DOperaGX_WW_9636%26keywords%3Donline+storage%2Cfree+storage%2Ccloud+storage%2Ccollaboration%2Cbackup+file+sharing%2Cshare+files%2Cphoto+backup%2Cphoto+sharing%2Cftp+replacement%2Ccross+platform%2Cremote+access%2Cmobile+access%2Csend+large+files%2Crecover+files%2Cfile+versioning%2Cundelete%2Cwindows%2Cpc%2Cmac%2Cos+x%2Clinux%2Ciphone%2Conline+storage%2Cfree+storage%2Ccloud+storage%2Ccollaboration%2Cbackup+file+sharing%2Cshare+files%2Cphoto+backup%2Cphoto+sharing%2Cftp+replacement%2Ccross+platform%2Cremote+access%2Cmobile+access%2Csend+large+files%2Crecover+files%2Cfile+versioning%2Cundelete%2Cwindows%2Cpc%2Cmac%2Cos+x%2Clinux%2Ciphone%26sourceid%3D101%26domainid%3D1%26cpv%3D0.00575%26s2sParam%3D56fe7864-39eb-4370-85c5-a83ca0f342e2
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8a5d82d2ee8d71a4-LHR
alt-svc: h3=":443"; ma=86400
DNS

gem.gbc.criteo.com

msedge.exe

Remote address:

8.8.8.8:53

Request

gem.gbc.criteo.com

IN A

Response

gem.gbc.criteo.com

IN CNAME

gbc1.fr3.eu.criteo.com

gbc1.fr3.eu.criteo.com

IN A

185.235.86.38

gbc1.fr3.eu.criteo.com

IN A

185.235.86.41

gbc1.fr3.eu.criteo.com

IN A

185.235.86.33

gbc1.fr3.eu.criteo.com

IN A

185.235.86.52

gbc1.fr3.eu.criteo.com

IN A

185.235.86.48

gbc1.fr3.eu.criteo.com

IN A

185.235.86.40

gbc1.fr3.eu.criteo.com

IN A

185.235.86.49

gbc1.fr3.eu.criteo.com

IN A

185.235.86.44

gbc1.fr3.eu.criteo.com

IN A

185.235.86.37

gbc1.fr3.eu.criteo.com

IN A

185.235.86.47

gbc1.fr3.eu.criteo.com

IN A

185.235.86.42

gbc1.fr3.eu.criteo.com

IN A

185.235.86.32

gbc1.fr3.eu.criteo.com

IN A

185.235.86.39

gbc1.fr3.eu.criteo.com

IN A

185.235.86.29

gbc1.fr3.eu.criteo.com

IN A

185.235.86.43

gbc1.fr3.eu.criteo.com

IN A

185.235.86.35

gbc1.fr3.eu.criteo.com

IN A

185.235.86.36

gbc1.fr3.eu.criteo.com

IN A

185.235.86.31

gbc1.fr3.eu.criteo.com

IN A

185.235.86.46

gbc1.fr3.eu.criteo.com

IN A

185.235.86.54

gbc1.fr3.eu.criteo.com

IN A

185.235.86.30

gbc1.fr3.eu.criteo.com

IN A

185.235.86.50

gbc1.fr3.eu.criteo.com

IN A

185.235.86.53

gbc1.fr3.eu.criteo.com

IN A

185.235.86.51

gbc1.fr3.eu.criteo.com

IN A

185.235.86.45

gbc1.fr3.eu.criteo.com

IN A

185.235.86.28

gbc1.fr3.eu.criteo.com

IN A

185.235.86.55

gbc1.fr3.eu.criteo.com

IN A

185.235.86.34
DNS

gem.gbc.criteo.com

msedge.exe

Remote address:

8.8.8.8:53

Request

gem.gbc.criteo.com

IN A
GET

https://dnacdn.net/dna

msedge.exe

Remote address:

178.250.1.11:443

Request

GET /dna HTTP/2.0
host: dnacdn.net
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: https://gum.criteo.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://gum.criteo.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-length: 0
date: Fri, 19 Jul 2024 20:37:43 GMT
server: Kestrel
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
cache-control: no-cache, no-store, must-revalidate
expires: 0
pragma: no-cache
set-cookie: browser_data=E3grxl9uNmRFc0FiMUZGUlYlMkJXMWtSanRlaGdNNE9CQkNvRmJoRndHTm0yVk1VJTJGWDQ3bjNjd1pZQ2w4R1klMkZCY0l5JTJGcUw4WExESE5SUFRhOVlsWW43ZERIT2JnJTNEJTNE; expires=Wed, 13 Aug 2025 20:37:43 GMT; domain=dnacdn.net; path=/; secure; samesite=none
server-processing-duration-in-ticks: 143439
strict-transport-security: max-age=31536000; preload;
GET

https://dnacdn.net/dna

msedge.exe

Remote address:

178.250.1.11:443

Request

GET /dna HTTP/2.0
host: dnacdn.net
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: https://gum.criteo.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://gum.criteo.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: browser_data=E3grxl9uNmRFc0FiMUZGUlYlMkJXMWtSanRlaGdNNE9CQkNvRmJoRndHTm0yVk1VJTJGWDQ3bjNjd1pZQ2w4R1klMkZCY0l5JTJGcUw4WExESE5SUFRhOVlsWW43ZERIT2JnJTNEJTNE

Response

HTTP/2.0 200

content-type: application/json; charset=utf-8
date: Fri, 19 Jul 2024 20:37:44 GMT
server: Kestrel
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
cache-control: no-cache, no-store, must-revalidate
expires: 0
pragma: no-cache
set-cookie: browser_data=8glNAl9uNmRFc0FiMUZGUlYlMkJXMWtSanRlaGdNNE9CQkNvRmJoRndHTm0yVk1VJTJGWDQ3bjNjd1pZQ2w4R1klMkZCY0l5JTJGcUx6TUtOZ0VqT0YyOTZ3MVNYV3lINjJ3JTNEJTNE; expires=Wed, 13 Aug 2025 20:37:44 GMT; domain=dnacdn.net; path=/; secure; samesite=none
server-processing-duration-in-ticks: 146794
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
GET

https://ag.gbc.criteo.com/newidsd

msedge.exe

Remote address:

185.235.86.125:443

Request

GET /newidsd HTTP/2.0
host: ag.gbc.criteo.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: https://gum.criteo.com
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://gum.criteo.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: application/json; charset=utf-8
date: Fri, 19 Jul 2024 20:37:43 GMT
server: Kestrel
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
cache-control: no-cache, no-store, must-revalidate
expires: 0
pragma: no-cache
server-processing-duration-in-ticks: 33743
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
DNS

12.155.91.199.in-addr.arpa

Remote address:

8.8.8.8:53

Request

12.155.91.199.in-addr.arpa

IN PTR

Response
DNS

12.155.91.199.in-addr.arpa

Remote address:

8.8.8.8:53

Request

12.155.91.199.in-addr.arpa

IN PTR

Response
DNS

11.1.250.178.in-addr.arpa

Remote address:

8.8.8.8:53

Request

11.1.250.178.in-addr.arpa

IN PTR

Response
DNS

11.1.250.178.in-addr.arpa

Remote address:

8.8.8.8:53

Request

11.1.250.178.in-addr.arpa

IN PTR

Response
DNS

226.75.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

226.75.250.142.in-addr.arpa

IN PTR

Response

226.75.250.142.in-addr.arpa

IN PTR

par10s41-in-f21e100net
DNS

226.75.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

226.75.250.142.in-addr.arpa

IN PTR

Response

226.75.250.142.in-addr.arpa

IN PTR

par10s41-in-f21e100net
GET

https://gem.gbc.criteo.com/newidsd

msedge.exe

Remote address:

185.235.86.38:443

Request

GET /newidsd HTTP/2.0
host: gem.gbc.criteo.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: https://gum.criteo.com
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://gum.criteo.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: application/json; charset=utf-8
date: Fri, 19 Jul 2024 20:37:43 GMT
server: Kestrel
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
cache-control: no-cache, no-store, must-revalidate
expires: 0
pragma: no-cache
server-processing-duration-in-ticks: 25628
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
DNS

woreppercomming.com

msedge.exe

Remote address:

8.8.8.8:53

Request

woreppercomming.com

IN A

Response

woreppercomming.com

IN A

18.165.227.106

woreppercomming.com

IN A

18.165.227.64

woreppercomming.com

IN A

18.165.227.80

woreppercomming.com

IN A

18.165.227.8
DNS

woreppercomming.com

msedge.exe

Remote address:

8.8.8.8:53

Request

woreppercomming.com

IN A

Response

woreppercomming.com

IN A

18.165.227.80

woreppercomming.com

IN A

18.165.227.8

woreppercomming.com

IN A

18.165.227.106

woreppercomming.com

IN A

18.165.227.64
GET

https://woreppercomming.com/4fabb44a-878d-4024-bdef-2de07d973f5e?campaignname=2_OperaGX&placementname=2_OperaGX_UK_Win_101&bid=5.75&totalcpv=0.00575&channel=File%20Hosting%20&%20Sharing&subchannel=File%20Hosting%20&%20Sharing&medianame=OperaGX_WW_9636&keywords=online%20storage,free%20storage,cloud%20storage,collaboration,backup%20file%20sharing,share%20files,photo%20backup,photo%20sharing,ftp%20replacement,cross%20platform,remote%20access,mobile%20access,send%20large%20files,recover%20files,file%20versioning,undelete,windows,pc,mac,os%20x,linux,iphone,online%20storage,free%20storage,cloud%20storage,collaboration,backup%20file%20sharing,share%20files,photo%20backup,photo%20sharing,ftp%20replacement,cross%20platform,remote%20access,mobile%20access,send%20large%20files,recover%20files,file%20versioning,undelete,windows,pc,mac,os%20x,linux,iphone&sourceid=101&domainid=1&cpv=0.00575&s2sParam=56fe7864-39eb-4370-85c5-a83ca0f342e2

msedge.exe

Remote address:

18.165.227.106:443

Request

GET /4fabb44a-878d-4024-bdef-2de07d973f5e?campaignname=2_OperaGX&placementname=2_OperaGX_UK_Win_101&bid=5.75&totalcpv=0.00575&channel=File%20Hosting%20&%20Sharing&subchannel=File%20Hosting%20&%20Sharing&medianame=OperaGX_WW_9636&keywords=online%20storage,free%20storage,cloud%20storage,collaboration,backup%20file%20sharing,share%20files,photo%20backup,photo%20sharing,ftp%20replacement,cross%20platform,remote%20access,mobile%20access,send%20large%20files,recover%20files,file%20versioning,undelete,windows,pc,mac,os%20x,linux,iphone,online%20storage,free%20storage,cloud%20storage,collaboration,backup%20file%20sharing,share%20files,photo%20backup,photo%20sharing,ftp%20replacement,cross%20platform,remote%20access,mobile%20access,send%20large%20files,recover%20files,file%20versioning,undelete,windows,pc,mac,os%20x,linux,iphone&sourceid=101&domainid=1&cpv=0.00575&s2sParam=56fe7864-39eb-4370-85c5-a83ca0f342e2 HTTP/2.0
host: woreppercomming.com
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: document
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 302

content-length: 0
location: https://www.chancial.com/5PNNB9Z/L2WFNRF/?sub1=c25be22e-ac35-4bba-a2b8-212f01034d26&sub2=webpl02ren82icr23vjd3eg2
date: Fri, 19 Jul 2024 20:37:43 GMT
server: nginx
cache-control: no-store, no-cache, pre-check=0, post-check=0
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
set-cookie: 4fabb44a-878d-4024-bdef-2de07d973f5e-v4=Bs5k2SrK2RviJTC5O4J5x-vE8RbPAoYDIPkfX2pKKPE; Max-Age=86400; Expires=Sat, 20-Jul-2024 20:37:43 GMT; Domain=woreppercomming.com; Path=/; Secure; HttpOnly;SameSite=None
set-cookie: voluum-cid-v4=%7B%22cid%22%3A%22webpl02ren82icr23vjd3eg2%22%2C%22caid%22%3A%224fabb44a-878d-4024-bdef-2de07d973f5e%22%7D; Max-Age=31536000; Expires=Sat, 19-Jul-2025 20:37:43 GMT; Domain=woreppercomming.com; Path=/; Secure; HttpOnly;SameSite=None
x-cache: Miss from cloudfront
via: 1.1 7b5cd9167634df8189bb5a88ba570ee0.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR61-P5
x-amz-cf-id: IaDDfpA4aagn9DZebaRe3hg7ZxFB_lHRVjVNJc4ZGQw6uGqBSg_CYQ==
DNS

www.chancial.com

msedge.exe

Remote address:

8.8.8.8:53

Request

www.chancial.com

IN A

Response

www.chancial.com

IN A

172.67.141.135

www.chancial.com

IN A

104.21.79.34
GET

https://www.chancial.com/5PNNB9Z/L2WFNRF/?sub1=c25be22e-ac35-4bba-a2b8-212f01034d26&sub2=webpl02ren82icr23vjd3eg2

msedge.exe

Remote address:

172.67.141.135:443

Request

GET /5PNNB9Z/L2WFNRF/?sub1=c25be22e-ac35-4bba-a2b8-212f01034d26&sub2=webpl02ren82icr23vjd3eg2 HTTP/2.0
host: www.chancial.com
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: document
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 302

date: Fri, 19 Jul 2024 20:37:44 GMT
content-type: text/html; charset=utf-8
location: https://www.opera.com/gx?utm_content=2923_c25be22e-ac35-4bba-a2b8-212f01034d26&utm_source=PWNgames&utm_medium=pa&utm_campaign=PWN_GB_XVR_WEB_2923&utm_id=32f54866229d40f3917a78bb3a53e27b&edition=std-2
accept-ch: Sec-Ch-Ua-Platform-Version,Sec-Ch-Ua-Model
x-eflow-request-id: 9fda8226-7d86-48ce-bf9d-7362707f3a60
via: 1.1 google, 1.1 varnish
accept-ranges: bytes
x-served-by: cache-lcy-eglc8600030-LCY
x-cache: MISS
x-cache-hits: 0
x-timer: S1721421464.098613,VS0,VE100
vary: Origin
set-cookie: uniqueClick_L2WFNRF=afd6b69b-9b2c-46f3-8856-427baeb2914b:1721421464; Path=/; Expires=Sat, 20 Jul 2024 20:37:44 GMT; SameSite=None; Secure
set-cookie: transaction_id=32f54866229d40f3917a78bb3a53e27b; Path=/; Expires=Thu, 17 Oct 2024 20:37:44 GMT; SameSite=None; Secure
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9nut8csndWRrVUtq2AhWCYaI4ZnvW08nSIdYMUJkHO25cZVVN%2BN8gof4bkAzQbpkBZQD70rHWJ46%2B0IgV7QV5u98B8mHfshC04SouqG3GDyUJf3Nv4kPW8oOsYap%2FhtlqCpS"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8a5d82d68b8706f9-LHR
alt-svc: h3=":443"; ma=86400
DNS

www.opera.com

msedge.exe

Remote address:

8.8.8.8:53

Request

www.opera.com

IN A

Response

www.opera.com

IN CNAME

front-geo.production.opera-website.route53.opera.com

front-geo.production.opera-website.route53.opera.com

IN A

52.59.107.139

front-geo.production.opera-website.route53.opera.com

IN A

3.124.180.7
GET

https://www.opera.com/gx?utm_content=2923_c25be22e-ac35-4bba-a2b8-212f01034d26&utm_source=PWNgames&utm_medium=pa&utm_campaign=PWN_GB_XVR_WEB_2923&utm_id=32f54866229d40f3917a78bb3a53e27b&edition=std-2

msedge.exe

Remote address:

52.59.107.139:443

Request

GET /gx?utm_content=2923_c25be22e-ac35-4bba-a2b8-212f01034d26&utm_source=PWNgames&utm_medium=pa&utm_campaign=PWN_GB_XVR_WEB_2923&utm_id=32f54866229d40f3917a78bb3a53e27b&edition=std-2 HTTP/2.0
host: www.opera.com
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: document
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Fri, 19 Jul 2024 20:37:44 GMT
content-type: text/html; charset=utf-8
content-language: en
referrer-policy: strict-origin-when-cross-origin
cross-origin-opener-policy: same-origin
cache-control: max-age=3600
content-encoding: gzip
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=63072000; includeSubdomains; preload
content-security-policy: frame-ancestors 'self' https://*.opera.com; upgrade-insecure-requests;
accept-ranges: bytes
DNS

110.53.16.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

110.53.16.104.in-addr.arpa

IN PTR

Response
DNS

38.86.235.185.in-addr.arpa

Remote address:

8.8.8.8:53

Request

38.86.235.185.in-addr.arpa

IN PTR

Response
DNS

125.86.235.185.in-addr.arpa

Remote address:

8.8.8.8:53

Request

125.86.235.185.in-addr.arpa

IN PTR

Response
DNS

106.227.165.18.in-addr.arpa

Remote address:

8.8.8.8:53

Request

106.227.165.18.in-addr.arpa

IN PTR

Response

106.227.165.18.in-addr.arpa

IN PTR

server-18-165-227-106lhr61r cloudfrontnet
DNS

241.150.49.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

241.150.49.20.in-addr.arpa

IN PTR

Response
DNS

135.141.67.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

135.141.67.172.in-addr.arpa

IN PTR

Response
DNS

139.107.59.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

139.107.59.52.in-addr.arpa

IN PTR

Response

139.107.59.52.in-addr.arpa

IN PTR

ec2-52-59-107-139eu-central-1compute amazonawscom
DNS

cdn-production-opera-website.operacdn.com

msedge.exe

Remote address:

8.8.8.8:53

Request

cdn-production-opera-website.operacdn.com

IN A

Response

cdn-production-opera-website.operacdn.com

IN CNAME

cdn-production-opera-website.operacdn.com.edgekey.net

cdn-production-opera-website.operacdn.com.edgekey.net

IN CNAME

e11604.dscf.akamaiedge.net

e11604.dscf.akamaiedge.net

IN A

2.22.132.239
DNS

www.googleoptimize.com

msedge.exe

Remote address:

8.8.8.8:53

Request

www.googleoptimize.com

IN A

Response

www.googleoptimize.com

IN A

142.250.178.142
GET

https://cdn-production-opera-website.operacdn.com/staticfiles/mainOne-320.4eb0e0b405f4.css

msedge.exe

Remote address:

2.22.132.239:443

Request

GET /staticfiles/mainOne-320.4eb0e0b405f4.css HTTP/2.0
host: cdn-production-opera-website.operacdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/css,*/*;q=0.1
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://www.opera.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

x-amz-id-2: koPIXgK44BjJdVkYcJJzjxPd0dJDHvKjeeLQZQ6SLgm27UVpo87ZZLvhHD9qfc2sMRlHG2h8fha3rZjsrwFAPA==
x-amz-request-id: 18ZYH0Q7PTW6B4XZ
last-modified: Thu, 18 Jul 2024 12:02:39 GMT
etag: "4eb0e0b405f45dbf452f8f373a684f5e"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
content-type: text/css
server: AmazonS3
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=31536000
expires: Sat, 19 Jul 2025 20:37:44 GMT
date: Fri, 19 Jul 2024 20:37:44 GMT
content-length: 833
strict-transport-security: max-age=31536000 ; includeSubDomains ; preload
GET

https://cdn-production-opera-website.operacdn.com/staticfiles/mainOne-640.9343d3c37bce.css

msedge.exe

Remote address:

2.22.132.239:443

Request

GET /staticfiles/mainOne-640.9343d3c37bce.css HTTP/2.0
host: cdn-production-opera-website.operacdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/css,*/*;q=0.1
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://www.opera.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

x-amz-id-2: kjd7vKb+hwe1Aaw+5LkcIXMlDk+mu2rysJZOR77aNcC76HTpixgwn+22k67u8Y3noK6utUDxhmgVc+QB8xYsqQ==
x-amz-request-id: 18ZW7S707PNDY09D
last-modified: Thu, 18 Jul 2024 12:02:39 GMT
etag: "9343d3c37bcea9873e6161fb5e7593f7"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
content-type: text/css
server: AmazonS3
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=31536000
expires: Sat, 19 Jul 2025 20:37:44 GMT
date: Fri, 19 Jul 2024 20:37:44 GMT
content-length: 1246
strict-transport-security: max-age=31536000 ; includeSubDomains ; preload
GET

https://cdn-production-opera-website.operacdn.com/staticfiles/mainOne-768.5bc032d7f9d0.css

msedge.exe

Remote address:

2.22.132.239:443

Request

GET /staticfiles/mainOne-768.5bc032d7f9d0.css HTTP/2.0
host: cdn-production-opera-website.operacdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/css,*/*;q=0.1
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://www.opera.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

x-amz-id-2: MenmxCOsoDS/sfgPdR78lXasq8D2nFSSVpnXDoPFHwEF4OhoT43eh52znrrUiXU0ea3vp7G7sCo=
x-amz-request-id: KQE739QP9KDNK1PS
last-modified: Thu, 18 Jul 2024 12:02:39 GMT
etag: "5bc032d7f9d01c5054d3de9c14637760"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
content-type: text/css
server: AmazonS3
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=31536000
expires: Sat, 19 Jul 2025 20:37:44 GMT
date: Fri, 19 Jul 2024 20:37:44 GMT
content-length: 2724
strict-transport-security: max-age=31536000 ; includeSubDomains ; preload
GET

https://cdn-production-opera-website.operacdn.com/staticfiles/mainOne-1024.dd5e20c6b159.css

msedge.exe

Remote address:

2.22.132.239:443

Request

GET /staticfiles/mainOne-1024.dd5e20c6b159.css HTTP/2.0
host: cdn-production-opera-website.operacdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/css,*/*;q=0.1
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://www.opera.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

x-amz-id-2: Mgav1CuJN+/CfkCs4ealmZyx3DzJGv6gYvc7c7p7KRBDKiYCZbLxW8plhhwhyM4g1+gW29Kv8Pq6aueFE8l9UBkoMiB6zq0s5zzMjreJpOQ=
x-amz-request-id: Y2BNGM2DP5Q3F2HC
last-modified: Thu, 18 Jul 2024 12:02:39 GMT
etag: "dd5e20c6b159d1cb7aa7d142d405a5ac"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
content-type: text/css
server: AmazonS3
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=31536000
expires: Sat, 19 Jul 2025 20:37:44 GMT
date: Fri, 19 Jul 2024 20:37:44 GMT
content-length: 1359
strict-transport-security: max-age=31536000 ; includeSubDomains ; preload
GET

https://cdn-production-opera-website.operacdn.com/staticfiles/mainOne-1224.791b99cf2009.css

msedge.exe

Remote address:

2.22.132.239:443

Request

GET /staticfiles/mainOne-1224.791b99cf2009.css HTTP/2.0
host: cdn-production-opera-website.operacdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/css,*/*;q=0.1
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://www.opera.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

x-amz-id-2: YdFpKvV5M9mMzSQfxSWRacGND1M8/e9nYX2YmbLg8H/SPCH8K7Y5b+IOvNd61Xlky/BR5ym0/fY=
x-amz-request-id: TYAERR9C2JPRD8AZ
last-modified: Thu, 18 Jul 2024 12:02:39 GMT
etag: "791b99cf2009d2cab0d7e3497a2408cd"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
content-type: text/css
server: AmazonS3
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=31536000
expires: Sat, 19 Jul 2025 20:37:44 GMT
date: Fri, 19 Jul 2024 20:37:44 GMT
content-length: 1519
strict-transport-security: max-age=31536000 ; includeSubDomains ; preload
GET

https://cdn-production-opera-website.operacdn.com/staticfiles/latinext.d7788e6fd132.css

msedge.exe

Remote address:

2.22.132.239:443

Request

GET /staticfiles/latinext.d7788e6fd132.css HTTP/2.0
host: cdn-production-opera-website.operacdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/css,*/*;q=0.1
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://www.opera.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

x-amz-id-2: 1+axCk/BnZNZU8JWldriCL6vyZ+up6bWWnmEBKRTluZOtOYFKygplwGUYyZSS66Lf3s4Yb1GPsY=
x-amz-request-id: VWA2G6CWBXMR2WNS
last-modified: Fri, 19 Jul 2024 10:31:16 GMT
etag: "d7788e6fd132349d9ad2deeaaaf4c340"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
content-type: text/css
server: AmazonS3
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=31536000
expires: Sat, 19 Jul 2025 20:37:44 GMT
date: Fri, 19 Jul 2024 20:37:44 GMT
content-length: 434
strict-transport-security: max-age=31536000 ; includeSubDomains ; preload
GET

https://cdn-production-opera-website.operacdn.com/staticfiles/mainOne.3c08a47a7925.css

msedge.exe

Remote address:

2.22.132.239:443

Request

GET /staticfiles/mainOne.3c08a47a7925.css HTTP/2.0
host: cdn-production-opera-website.operacdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/css,*/*;q=0.1
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://www.opera.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

x-amz-id-2: LWVUg51M18j8yMiuK1Kim5LdVh1T5UNDcKbvPOAepKy83JDn1wHLqk0LFhlUjJiHQNYwfcK03ls=
x-amz-request-id: 67PJ76MAZ6VKD4AH
last-modified: Thu, 18 Jul 2024 12:02:39 GMT
etag: "3c08a47a79251bd4fd96aed7716c89a1"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
content-type: text/css
server: AmazonS3
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=31536000
expires: Sat, 19 Jul 2025 20:37:44 GMT
date: Fri, 19 Jul 2024 20:37:44 GMT
content-length: 16265
strict-transport-security: max-age=31536000 ; includeSubDomains ; preload
GET

https://cdn-production-opera-website.operacdn.com/staticfiles/main.16b83e3049db.js

msedge.exe

Remote address:

2.22.132.239:443

Request

GET /staticfiles/main.16b83e3049db.js HTTP/2.0
host: cdn-production-opera-website.operacdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.opera.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

x-amz-id-2: Cb/KY/b1LM/21jFy8F1wwcOzfhlYlCg1Ew4z63m7Ks8P0XdPnMRlPgIQ5VJc7UrB0WwuWVAIMYI9x/uM9tXUt5R/0Bn2EhuYTkFViss7X+c=
x-amz-request-id: BMK74YCMAMN9CW9R
last-modified: Thu, 18 Jul 2024 12:02:38 GMT
etag: "16b83e3049db352beb376e4c55028fbe"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
content-type: application/javascript
server: AmazonS3
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=31536000
expires: Sat, 19 Jul 2025 20:37:44 GMT
date: Fri, 19 Jul 2024 20:37:44 GMT
content-length: 30372
strict-transport-security: max-age=31536000 ; includeSubDomains ; preload
GET

https://cdn-production-opera-website.operacdn.com/staticfiles/assets/images/sections/2023/hero-top/gx/opera__gx--hero--non-opera.5a647a245a5d.webp

msedge.exe

Remote address:

2.22.132.239:443

Request

GET /staticfiles/assets/images/sections/2023/hero-top/gx/opera__gx--hero--non-opera.5a647a245a5d.webp HTTP/2.0
host: cdn-production-opera-website.operacdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.opera.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

x-amz-id-2: z8aiu8p49HucII78MPlhGKERTSuwdN+APulhObJ9t2sYyOWf6DKcN/5n3xT/a2A5uUoXZ899Oh8=
x-amz-request-id: 8MP7NFEQ5NT6PJP8
last-modified: Fri, 19 Jul 2024 10:30:31 GMT
etag: "5a647a245a5dd27775e8b96f194d1536"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
content-type: binary/octet-stream
server: AmazonS3
content-length: 152742
cache-control: max-age=31536000
expires: Sat, 19 Jul 2025 20:37:44 GMT
date: Fri, 19 Jul 2024 20:37:44 GMT
strict-transport-security: max-age=31536000 ; includeSubDomains ; preload
GET

https://cdn-production-opera-website.operacdn.com/staticfiles/assets/images/sections/2023/hero-top/gx/opera__gx--hero.34d998b1b76e.webp

msedge.exe

Remote address:

2.22.132.239:443

Request

GET /staticfiles/assets/images/sections/2023/hero-top/gx/opera__gx--hero.34d998b1b76e.webp HTTP/2.0
host: cdn-production-opera-website.operacdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.opera.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://www.googleoptimize.com/optimize.js?id=GTM-5HKZ2H4

msedge.exe

Remote address:

142.250.178.142:443

Request

GET /optimize.js?id=GTM-5HKZ2H4 HTTP/2.0
host: www.googleoptimize.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.opera.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

239.132.22.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

239.132.22.2.in-addr.arpa

IN PTR

Response

239.132.22.2.in-addr.arpa

IN PTR

a2-22-132-239deploystaticakamaitechnologiescom
DNS

50.23.12.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

50.23.12.20.in-addr.arpa

IN PTR

Response
DNS

171.39.242.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

171.39.242.20.in-addr.arpa

IN PTR

Response
DNS

22.58.20.217.in-addr.arpa

Remote address:

8.8.8.8:53

Request

22.58.20.217.in-addr.arpa

IN PTR

Response
DNS

172.210.232.199.in-addr.arpa

Remote address:

8.8.8.8:53

Request

172.210.232.199.in-addr.arpa

IN PTR

Response
DNS

a.nel.cloudflare.com

msedge.exe

Remote address:

8.8.8.8:53

Request

a.nel.cloudflare.com

IN A

Response

a.nel.cloudflare.com

IN A

35.190.80.1
DNS

a.nel.cloudflare.com

msedge.exe

Remote address:

8.8.8.8:53

Request

a.nel.cloudflare.com

IN A
OPTIONS

https://a.nel.cloudflare.com/report/v4?s=6qzdaO3KWpn%2F%2BvG1%2FKaYahGg4dCryepT7E5%2BjwsJ6FserkMsXWKCSy%2B1vhEAqvigSKmgiyCZxgQA6lM9Gx%2FM5v%2FwwvA357JoRIRUGGU%2FvhuchKYTocfACT13ow63Fk8zzo42ZtK1

msedge.exe

Remote address:

35.190.80.1:443

Request

OPTIONS /report/v4?s=6qzdaO3KWpn%2F%2BvG1%2FKaYahGg4dCryepT7E5%2BjwsJ6FserkMsXWKCSy%2B1vhEAqvigSKmgiyCZxgQA6lM9Gx%2FM5v%2FwwvA357JoRIRUGGU%2FvhuchKYTocfACT13ow63Fk8zzo42ZtK1 HTTP/2.0
host: a.nel.cloudflare.com
origin: https://www.mediafiredls.com
access-control-request-method: POST
access-control-request-headers: content-type
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

1.80.190.35.in-addr.arpa

Remote address:

8.8.8.8:53

Request

1.80.190.35.in-addr.arpa

IN PTR

Response

1.80.190.35.in-addr.arpa

IN PTR

18019035bcgoogleusercontentcom
DNS

1.80.190.35.in-addr.arpa

Remote address:

8.8.8.8:53

Request

1.80.190.35.in-addr.arpa

IN PTR
DNS

tse1.mm.bing.net

Remote address:

8.8.8.8:53

Request

tse1.mm.bing.net

IN A

Response

tse1.mm.bing.net

IN CNAME

mm-mm.bing.net.trafficmanager.net

mm-mm.bing.net.trafficmanager.net

IN CNAME

ax-0001.ax-msedge.net

ax-0001.ax-msedge.net

IN A

150.171.28.10

ax-0001.ax-msedge.net

IN A

150.171.27.10
GET

https://tse1.mm.bing.net/th?id=OADD2.10239340418541_1R6VGP5QQCA6F4RQL&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

Remote address:

150.171.28.10:443

Request

GET /th?id=OADD2.10239340418541_1R6VGP5QQCA6F4RQL&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 550977
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 0727B9806586424799BF25784064A54C Ref B: LON04EDGE0922 Ref C: 2024-07-19T20:39:04Z
date: Fri, 19 Jul 2024 20:39:03 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239339388119_10QYQ7X0D3WF71UDP&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

Remote address:

150.171.28.10:443

Request

GET /th?id=OADD2.10239339388119_10QYQ7X0D3WF71UDP&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 874040
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 0C0D5BF4E0E046828ABE87E103CD434F Ref B: LON04EDGE0922 Ref C: 2024-07-19T20:39:04Z
date: Fri, 19 Jul 2024 20:39:03 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301047_1S8G2IIVJ6Z2H00N1&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

Remote address:

150.171.28.10:443

Request

GET /th?id=OADD2.10239317301047_1S8G2IIVJ6Z2H00N1&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 529279
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 97C373E6EACD494C9DCA75F5B8974442 Ref B: LON04EDGE0922 Ref C: 2024-07-19T20:39:04Z
date: Fri, 19 Jul 2024 20:39:03 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239340418542_1M27CNBNVY6AXHL84&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

Remote address:

150.171.28.10:443

Request

GET /th?id=OADD2.10239340418542_1M27CNBNVY6AXHL84&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 616456
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: EFDCB8A24C3E4E2298ACF1ADA1CC3947 Ref B: LON04EDGE0922 Ref C: 2024-07-19T20:39:04Z
date: Fri, 19 Jul 2024 20:39:03 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239339388120_11G57HW9RPFMLC262&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

Remote address:

150.171.28.10:443

Request

GET /th?id=OADD2.10239339388120_11G57HW9RPFMLC262&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 585322
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 798089BE329749D79CFD88F2F548E9D9 Ref B: LON04EDGE0922 Ref C: 2024-07-19T20:39:04Z
date: Fri, 19 Jul 2024 20:39:03 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301480_1GLUO11W92SWCVMG3&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

Remote address:

150.171.28.10:443

Request

GET /th?id=OADD2.10239317301480_1GLUO11W92SWCVMG3&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 769326
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 3220378FCC6D4821BD9ACE5BA9778D47 Ref B: LON04EDGE0922 Ref C: 2024-07-19T20:39:04Z
date: Fri, 19 Jul 2024 20:39:04 GMT
DNS

23.236.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

23.236.111.52.in-addr.arpa

IN PTR

Response
DNS

10.28.171.150.in-addr.arpa

Remote address:

8.8.8.8:53

Request

10.28.171.150.in-addr.arpa

IN PTR

Response
DNS

10.28.171.150.in-addr.arpa

Remote address:

8.8.8.8:53

Request

10.28.171.150.in-addr.arpa

IN PTR

Response

199.91.152.148:443

https://download1648.mediafire.com/x4lw8p3316ugR2u52XkMiF3mLXmyAHMDPwKY8NfbCGOAz4xQFHxw8QE20WvIPIE8EPzy1BEFL3slKqTGxUZRQ8xVQe7tByQq5ipm-bgmBJio8o13pWQK9KzsTTU915X-9y5YgYbQIKFMwX4A0ajUgJB9MGKcppTD4wo1KF1iYr3B-w/vehz5gm393ydtoz/nitrogen.zip

tls, http

msedge.exe

1.9kB
5.2kB
10
10

HTTP Request

GET https://download1648.mediafire.com/x4lw8p3316ugR2u52XkMiF3mLXmyAHMDPwKY8NfbCGOAz4xQFHxw8QE20WvIPIE8EPzy1BEFL3slKqTGxUZRQ8xVQe7tByQq5ipm-bgmBJio8o13pWQK9KzsTTU915X-9y5YgYbQIKFMwX4A0ajUgJB9MGKcppTD4wo1KF1iYr3B-w/vehz5gm393ydtoz/nitrogen.zip

HTTP Response

302
104.16.113.74:443

https://www.mediafire.com/cdn-cgi/rum?

tls, http2

msedge.exe

121.3kB
512.8kB
443
529

HTTP Request

GET https://www.mediafire.com/download_repair.php?flag=9&dkey=x4lw8p3316ugR2u52XkMiF3mLXmyAHMDPwKY8NfbCGOAz4xQFHxw8QE20WvIPIE8EPzy1BEFL3slKqTGxUZRQ8xVQe7tByQq5ipm%2DbgmBJio8o13pWQK9KzsTTU915X%2D9y5YgYbQIKFMwX4A0ajUgJB9MGKcppTD4wo1KF1iYr3B%2Dw&qkey=vehz5gm393ydtoz&ip=194%2E110%2E13%2E70

HTTP Response

200

HTTP Request

GET https://static.mediafire.com/css/mfv3_121931.php?ver=ssl

HTTP Request

GET https://static.mediafire.com/css/mfv4_121931.php?ver=ssl&date=2024-07-19

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://static.mediafire.com/js/master_121931.js

HTTP Request

GET https://static.mediafire.com/images/backgrounds/header/mf_logo_u1_full_color_reversed.svg

HTTP Request

GET https://static.mediafire.com/images/backgrounds/header/mf_logo_u1_full_color.svg

HTTP Request

GET https://www.mediafire.com/images/icons/myfiles/default.png

HTTP Response

200

HTTP Request

GET https://www.mediafire.com/blank.html

HTTP Request

GET https://www.mediafire.com/templates/upgrade/upgrade_button.php

HTTP Request

GET https://static.mediafire.com/images/icons/svg_dark/icons_sprite.svg

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://www.mediafire.com/blank.html

HTTP Response

200

HTTP Request

GET https://static.mediafire.com/images/backgrounds/download/download_status/download_new_key.svg

HTTP Response

304

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://www.mediafire.com/blank.html

HTTP Request

GET https://static.mediafire.com/images/icons/svg_dark/social_icons_sprite.svg

HTTP Request

GET https://static.mediafire.com/images/icons/svg_light/facebook.svg

HTTP Request

GET https://static.mediafire.com/images/icons/svg_light/twitter.svg

HTTP Response

200

HTTP Request

GET https://www.mediafire.com/cdn-cgi/challenge-platform/scripts/jsd/main.js

HTTP Response

304

HTTP Request

GET https://www.mediafire.com/blank.html

HTTP Response

200

HTTP Response

200

HTTP Response

302

HTTP Response

304

HTTP Request

GET https://www.mediafire.com/cdn-cgi/challenge-platform/scripts/jsd/main.js

HTTP Request

GET https://www.mediafire.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/bbfecc7f1c71/main.js?

HTTP Response

302

HTTP Response

200

HTTP Request

GET https://www.mediafire.com/cdn-cgi/challenge-platform/scripts/jsd/main.js

HTTP Response

302

HTTP Request

GET https://www.mediafire.com/cdn-cgi/challenge-platform/scripts/jsd/main.js

HTTP Response

302

HTTP Request

GET https://www.mediafire.com/cdn-cgi/challenge-platform/scripts/jsd/main.js

HTTP Response

302

HTTP Request

GET https://www.mediafire.com/cdn-cgi/challenge-platform/scripts/jsd/main.js

HTTP Response

302

HTTP Request

POST https://www.mediafire.com/cdn-cgi/challenge-platform/h/b/jsd/r/8a5d82791ef29565

HTTP Response

200

HTTP Request

POST https://www.mediafire.com/cdn-cgi/challenge-platform/h/b/jsd/r/8a5d8275da109565

HTTP Response

200

HTTP Request

POST https://www.mediafire.com/cdn-cgi/challenge-platform/h/b/jsd/r/8a5d82791ef29565

HTTP Response

200

HTTP Request

POST https://www.mediafire.com/cdn-cgi/challenge-platform/h/b/jsd/r/8a5d82791ef69565

HTTP Response

200

HTTP Request

POST https://www.mediafire.com/cdn-cgi/challenge-platform/h/b/jsd/r/8a5d82791ef29565

HTTP Response

200

HTTP Request

POST https://www.mediafire.com/cdn-cgi/challenge-platform/h/b/jsd/r/8a5d82791ef29565

HTTP Response

200

HTTP Request

GET https://static.mediafire.com/images/icons/svg_dark/arrow_dropdown.svg

HTTP Response

200

HTTP Request

POST https://www.mediafire.com/cdn-cgi/rum?

HTTP Request

GET https://www.mediafire.com/favicon.ico

HTTP Response

204

HTTP Response

200

HTTP Request

GET https://static.mediafire.com/images/icons/svg_dark/loading_indeterminate.svg

HTTP Response

200

HTTP Request

GET https://www.mediafire.com/file/vehz5gm393ydtoz/nitrogen.zip

HTTP Response

200

HTTP Request

POST https://www.mediafire.com/cdn-cgi/rum?

HTTP Response

204

HTTP Request

GET https://static.mediafire.com/images/backgrounds/header/mf_logo_full_color.svg

HTTP Request

GET https://static.mediafire.com/images/filetype/file-zip-v3.png

HTTP Request

GET https://www.mediafire.com/images/icons/svg_light/icons_sprite.svg

HTTP Request

GET https://static.mediafire.com/images/backgrounds/download/apps_list_sprite-v6.png

HTTP Request

GET https://www.mediafire.com/images/icons/svg_dark/arrow_dropdown.svg

HTTP Request

GET https://static.mediafire.com/images/icons/svg_dark/check_circle_green.svg

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://static.mediafire.com/images/backgrounds/download/social/fb_16x16.png

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://static.mediafire.com/images/backgrounds/footer/social/footerIcons.png

HTTP Response

200

HTTP Request

GET https://www.mediafire.com/js/prebid8.10.0.js

HTTP Response

200

HTTP Request

POST https://www.mediafire.com/cdn-cgi/rum?

HTTP Response

204

HTTP Request

POST https://www.mediafire.com/cdn-cgi/rum?

HTTP Response

204
216.58.214.68:443

https://www.google.com/recaptcha/api.js

tls, http2

msedge.exe

1.9kB
7.4kB
17
18

HTTP Request

GET https://www.google.com/recaptcha/api.js
216.58.214.74:443

https://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js

tls, http2

msedge.exe

2.8kB
42.4kB
36
40

HTTP Request

GET https://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js
104.16.79.73:443

https://static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015

tls, http2

msedge.exe

1.9kB
11.0kB
17
20

HTTP Request

GET https://static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015

HTTP Response

200
18.154.84.20:443

https://cdn.amplitude.com/libs/amplitude-8.5.0-min.gz.js

tls, http2

msedge.exe

3.5kB
30.4kB
32
33

HTTP Request

GET https://cdn.amplitude.com/libs/amplitude-8.5.0-min.gz.js

HTTP Response

200
142.250.178.142:443

https://fundingchoicesmessages.google.com/i/183096492?ers=3

tls, http2

msedge.exe

4.3kB
115.9kB
66
94

HTTP Request

GET https://translate.google.com/translate_a/element.js?cb=googleTranslateElementInit

HTTP Request

GET https://fundingchoicesmessages.google.com/i/183096492?ers=3
35.166.106.30:443

https://api.amplitude.com/

tls, http2

msedge.exe

5.3kB
7.0kB
21
23

HTTP Request

POST https://api.amplitude.com/

HTTP Response

200

HTTP Request

POST https://api.amplitude.com/

HTTP Response

200
142.250.178.138:443

https://translate-pa.googleapis.com/v1/supportedLanguages?client=te&display_language=en-GB&key=AIzaSyBWDj0QJvVIx8XOhRegXX5_SrRWxhT5Hs4&callback=callback

tls, http2

msedge.exe

4.0kB
86.1kB
57
74

HTTP Request

GET https://translate.googleapis.com/_/translate_http/_/js/k=translate_http.tr.en_GB.jnpJ8uL5rbI.O/am=ACA/d=1/exm=el_conf/ed=1/rs=AN8SPfoG5JGfvXM4UPJfZ0KSmvU8fgHzBQ/m=el_main

HTTP Request

GET https://translate-pa.googleapis.com/v1/supportedLanguages?client=te&display_language=en-GB&key=AIzaSyBWDj0QJvVIx8XOhRegXX5_SrRWxhT5Hs4&callback=callback
216.239.34.36:443

https://region1.analytics.google.com/g/collect?v=2&tid=G-K68XP6D85D&gtm=45je47h0v887485693z86304663za200zb6304663&_p=1721421448433&_gaz=1&gcd=13l3l3l3l1&npa=0&dma=0&tag_exp=0&cid=1100413091.1721421450&ul=en-us&sr=1280x720&uaa=x86&uamb=0&uam=&uap=Windows&uapv=10.0&uaw=0&frm=0&pscdl=noapi&_s=1&sid=1721421449&sct=1&seg=0&dl=https%3A%2F%2Fwww.mediafire.com%2Fdownload_repair.php%3Fflag%3D9%26dkey%3Dx4lw8p3316ugR2u52XkMiF3mLXmyAHMDPwKY8NfbCGOAz4xQFHxw8QE20WvIPIE8EPzy1BEFL3slKqTGxUZRQ8xVQe7tByQq5ipm%252DbgmBJio8o13pWQK9KzsTTU915X%252D9y5YgYbQIKFMwX4A0ajUgJB9MGKcppTD4wo1KF1iYr3B%252Dw%26qkey%3Dvehz5gm393ydtoz%26ip%3D194%252E110%252E13%252E70&dt=File%20sharing%20and%20storage%20made%20simple&en=page_view&_fv=1&_nsi=1&_ss=1&up.page_url=https%3A%2F%2Fwww.mediafire.com%2Fdownload_repair.php%3Fflag%3D9%26dkey%3Dx4lw8p3316ugR2u52XkMiF3mLXmyAHMDPwKY8NfbCGOAz4xQFHxw8QE20WvIPIE8EPzy1BEFL3slKqTGxUZRQ8xVQe7tByQq5ipm%252DbgmBJio8o13pWQK9KzsTTU915X%252D9y5YgYbQIKFMwX4A0ajUgJB9MGKcppTD4wo1KF1iYr3B%252Dw%26qkey%3Dvehz5gm393ydtoz%26ip%3D194%252E110%252E13%252E70&tfd=3000&_z=fetch

tls, http2

msedge.exe

2.5kB
6.7kB
14
12

HTTP Request

POST https://region1.analytics.google.com/g/collect?v=2&tid=G-K68XP6D85D&gtm=45je47h0v887485693z86304663za200zb6304663&_p=1721421448433&_gaz=1&gcd=13l3l3l3l1&npa=0&dma=0&tag_exp=0&cid=1100413091.1721421450&ul=en-us&sr=1280x720&uaa=x86&uamb=0&uam=&uap=Windows&uapv=10.0&uaw=0&frm=0&pscdl=noapi&_s=1&sid=1721421449&sct=1&seg=0&dl=https%3A%2F%2Fwww.mediafire.com%2Fdownload_repair.php%3Fflag%3D9%26dkey%3Dx4lw8p3316ugR2u52XkMiF3mLXmyAHMDPwKY8NfbCGOAz4xQFHxw8QE20WvIPIE8EPzy1BEFL3slKqTGxUZRQ8xVQe7tByQq5ipm%252DbgmBJio8o13pWQK9KzsTTU915X%252D9y5YgYbQIKFMwX4A0ajUgJB9MGKcppTD4wo1KF1iYr3B%252Dw%26qkey%3Dvehz5gm393ydtoz%26ip%3D194%252E110%252E13%252E70&dt=File%20sharing%20and%20storage%20made%20simple&en=page_view&_fv=1&_nsi=1&_ss=1&up.page_url=https%3A%2F%2Fwww.mediafire.com%2Fdownload_repair.php%3Fflag%3D9%26dkey%3Dx4lw8p3316ugR2u52XkMiF3mLXmyAHMDPwKY8NfbCGOAz4xQFHxw8QE20WvIPIE8EPzy1BEFL3slKqTGxUZRQ8xVQe7tByQq5ipm%252DbgmBJio8o13pWQK9KzsTTU915X%252D9y5YgYbQIKFMwX4A0ajUgJB9MGKcppTD4wo1KF1iYr3B%252Dw%26qkey%3Dvehz5gm393ydtoz%26ip%3D194%252E110%252E13%252E70&tfd=3000&_z=fetch
74.125.71.156:443

https://stats.g.doubleclick.net/g/collect?v=2&tid=G-K68XP6D85D&cid=1100413091.1721421450&gtm=45je47h0v887485693z86304663za200zb6304663&aip=1&dma=0&gcd=13l3l3l3l1&npa=0&frm=0

tls, http2

msedge.exe

1.9kB
6.6kB
15
17

HTTP Request

POST https://stats.g.doubleclick.net/g/collect?v=2&tid=G-K68XP6D85D&cid=1100413091.1721421450&gtm=45je47h0v887485693z86304663za200zb6304663&aip=1&dma=0&gcd=13l3l3l3l1&npa=0&frm=0
172.217.20.163:443

https://www.google.co.uk/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-K68XP6D85D&cid=1100413091.1721421450&gtm=45je47h0v887485693z86304663za200zb6304663&aip=1&dma=0&gcd=13l3l3l3l1&npa=0&frm=0&z=568737169

tls, http2

msedge.exe

1.9kB
6.5kB
15
18

HTTP Request

GET https://www.google.co.uk/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-K68XP6D85D&cid=1100413091.1721421450&gtm=45je47h0v887485693z86304663za200zb6304663&aip=1&dma=0&gcd=13l3l3l3l1&npa=0&frm=0&z=568737169
204.79.197.237:443

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=dd4cfd9abf13428982f2c69b08236484&localId=w:7644E81C-AD49-10CC-B943-5E44723BEB42&deviceId=6896204247012457&anid=

tls, http2

2.2kB
9.3kB
22
18

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=dd4cfd9abf13428982f2c69b08236484&localId=w:7644E81C-AD49-10CC-B943-5E44723BEB42&deviceId=6896204247012457&anid=

HTTP Response

204

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=dd4cfd9abf13428982f2c69b08236484&localId=w:7644E81C-AD49-10CC-B943-5E44723BEB42&deviceId=6896204247012457&anid=

HTTP Response

204

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=dd4cfd9abf13428982f2c69b08236484&localId=w:7644E81C-AD49-10CC-B943-5E44723BEB42&deviceId=6896204247012457&anid=

HTTP Response

204
104.21.42.32:443

https://privacy.gatekeeperconsent.com/tcf2_stub.js

tls, http2

msedge.exe

2.7kB
45.8kB
34
51

HTTP Request

GET https://the.gatekeeperconsent.com/cmp.min.js

HTTP Response

200

HTTP Request

GET https://the.gatekeeperconsent.com/v2/cmp.js?v=230

HTTP Request

GET https://privacy.gatekeeperconsent.com/tcf2_stub.js

HTTP Response

200

HTTP Response

200
172.67.41.60:443

https://btloader.com/tag?o=5678961798414336&upapi=true

tls, http2

msedge.exe

2.3kB
23.3kB
27
28

HTTP Request

GET https://btloader.com/tag?o=5678961798414336&upapi=true

HTTP Response

200
104.21.63.106:443

https://www.ezojs.com/ezoic/sa.min.js

tls, http2

msedge.exe

3.1kB
47.6kB
44
48

HTTP Request

GET https://www.ezojs.com/ezoic/sa.min.js

HTTP Response

200
172.67.199.186:443

https://the.gatekeeperconsent.com/cmp/v2/main_modal_firstpage?domain=www.mediafire.com&region=default&lang=en-US&cb=231&changeLogId=593543

tls, http2

msedge.exe

4.1kB
95.2kB
54
88

HTTP Request

GET https://privacy.gatekeeperconsent.com/consent_modules.json

HTTP Response

200

HTTP Request

GET https://the.gatekeeperconsent.com/v2/config.json?domain=www.mediafire.com&changeLogId=0&cb=0

HTTP Response

200

HTTP Request

GET https://the.gatekeeperconsent.com/cmp/gvl.json?v=9&lang=en

HTTP Response

200

HTTP Request

OPTIONS https://the.gatekeeperconsent.com/cmp/v2/main_modal_firstpage?domain=www.mediafire.com&region=default&lang=en-US&cb=231&changeLogId=593543

HTTP Response

200

HTTP Request

GET https://the.gatekeeperconsent.com/cmp/v2/main_modal_firstpage?domain=www.mediafire.com&region=default&lang=en-US&cb=231&changeLogId=593543

HTTP Response

200
104.16.52.110:443

https://otnolatrnup.com/hideref.engine?d=https%3A%2F%2Fworeppercomming.com%2F4fabb44a-878d-4024-bdef-2de07d973f5e%3Fcampaignname%3D2_OperaGX%26placementname%3D2_OperaGX_UK_Win_101%26bid%3D5.75%26totalcpv%3D0.00575%26channel%3DFile%2BHosting%2B%2526%2BSharing%26subchannel%3DFile%2BHosting%2B%2526%2BSharing%26medianame%3DOperaGX_WW_9636%26keywords%3Donline+storage%2Cfree+storage%2Ccloud+storage%2Ccollaboration%2Cbackup+file+sharing%2Cshare+files%2Cphoto+backup%2Cphoto+sharing%2Cftp+replacement%2Ccross+platform%2Cremote+access%2Cmobile+access%2Csend+large+files%2Crecover+files%2Cfile+versioning%2Cundelete%2Cwindows%2Cpc%2Cmac%2Cos+x%2Clinux%2Ciphone%2Conline+storage%2Cfree+storage%2Ccloud+storage%2Ccollaboration%2Cbackup+file+sharing%2Cshare+files%2Cphoto+backup%2Cphoto+sharing%2Cftp+replacement%2Ccross+platform%2Cremote+access%2Cmobile+access%2Csend+large+files%2Crecover+files%2Cfile+versioning%2Cundelete%2Cwindows%2Cpc%2Cmac%2Cos+x%2Clinux%2Ciphone%26sourceid%3D101%26domainid%3D1%26cpv%3D0.00575%26s2sParam%3D56fe7864-39eb-4370-85c5-a83ca0f342e2

tls, http2

msedge.exe

13.0kB
83.8kB
74
84

HTTP Request

GET https://cdn.otnolatrnup.com/Scripts/infinity.js.aspx?guid=5ff0fb62-0643-4ff1-aaee-c737f9ffc0e0

HTTP Response

200

HTTP Request

GET https://otnolatrnup.com/Tag.engine?time=0&id=5ff0fb62-0643-4ff1-aaee-c737f9ffc0e0&rand=62020&ver=async&referrerUrl=https%3A%2F%2Fwww.mediafire.com%2Fdownload_repair.php%3Fflag%3D9%26dkey%3Dx4lw8p3316ugR2u52XkMiF3mLXmyAHMDPwKY8NfbCGOAz4xQFHxw8QE20WvIPIE8EPzy1BEFL3slKqTGxUZRQ8xVQe7tByQq5ipm%252DbgmBJio8o13pWQK9KzsTTU915X%252D9y5YgYbQIKFMwX4A0ajUgJB9MGKcppTD4wo1KF1iYr3B%252Dw%26qkey%3Dvehz5gm393ydtoz%26ip%3D194%252E110%252E13%252E70&fingerPrint=123&abr=false&stdTime=0&fpe=1&bw=1280&bh=609&res=1280x720&curl=https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fvehz5gm393ydtoz%2Fnitrogen.zip&kw=online%20storage%2Cfree%20storage%2Ccloud%20storage%2Ccollaboration%2Cbackup%20file%20sharing%2Cshare%20files%2Cphoto%20backup%2Cphoto%20sharing%2Cftp%20replacement%2Ccross%20platform%2Cremote%20access%2Cmobile%20access%2Csend%20large%20files%2Crecover%20files%2Cfile%20versioning%2Cundelete%2Cwindows%2Cpc%2Cmac%2Cos%20x%2Clinux%2Ciphone

HTTP Response

200

HTTP Request

GET https://otnolatrnup.com/fp.engine?id=5ff0fb62-0643-4ff1-aaee-c737f9ffc0e0&rand=33492&ver=async&time=0&referrerUrl=https%3A%2F%2Fwww.mediafire.com%2Fdownload_repair.php%3Fflag%3D9%26dkey%3Dx4lw8p3316ugR2u52XkMiF3mLXmyAHMDPwKY8NfbCGOAz4xQFHxw8QE20WvIPIE8EPzy1BEFL3slKqTGxUZRQ8xVQe7tByQq5ipm%252DbgmBJio8o13pWQK9KzsTTU915X%252D9y5YgYbQIKFMwX4A0ajUgJB9MGKcppTD4wo1KF1iYr3B%252Dw%26qkey%3Dvehz5gm393ydtoz%26ip%3D194%252E110%252E13%252E70&subId=&tid=&abr=false&res=1280x720&stdTime=0&fpe=1&curl=https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fvehz5gm393ydtoz%2Fnitrogen.zip&kw=online%20storage%2Cfree%20storage%2Ccloud%20storage%2Ccollaboration%2Cbackup%20file%20sharing%2Cshare%20files%2Cphoto%20backup%2Cphoto%20sharing%2Cftp%20replacement%2Ccross%20platform%2Cremote%20access%2Cmobile%20access%2Csend%20large%20files%2Crecover%20files%2Cfile%20versioning%2Cundelete%2Cwindows%2Cpc%2Cmac%2Cos%20x%2Clinux%2Ciphone&spt=1

HTTP Response

200

HTTP Request

GET https://otnolatrnup.com/Redirect.eng?MediaSegmentId=88101&dcid=1_ctx_d4ddd617-25ed-47ca-ad38-cebbb35e950c&vmId=00000000-0000-0000-0000-000000000000&abr=false&timeZoneOffset=0&dst=False&v=W2Uj58SzulJXrWKbJq2lEXM75hNzb56NGW-zeNRjoNyKWGUVgmhD9Q0pZxT7cxoZvg3JMaQEexvYhGfhHiv7kLDDBBaZAzOIC1pFfpmDjnhc8cKCFAWTpKA48CfvdK342FOoKh_XXiCzdz1T00T2asbJ9pyLDRVS3z_7BotHbVLpqZIg2zLJflgS2c-YBCzwCEYYM73oSDQwKWNPF2XAyOMKjxs0YnHErPju3n_IR7cALtlzZG1AR4E2AMqsPVvS6SJ7QqtSiLm-Ir3aLVnAbyNFx-FcBKHh1-hTvAcKoOpV8D1cSFoc2wb2XotQso5i9NEBP44EMN5NKY5rKO7y9W1jLOWal2PfhWnb1c27DpQTxNkYaT_Eb-86snMfoZ0yNSVkOclih0Wg1TEpk7AcYjahAlWYTlH1Kl4aFpTVChKF1v12qpMPqAoM41aHUwmndk73jY7M1aOD3hppmGgAs8ncWS3Ul7oVDHOxRkQIlmF-uqpdae78nMkEThmMshzZIXMtEm8Gaqzuq6iQzz19XO0kYw64tdwUb3WFunuZw_UuvJjNqJZR4VGmfayHcRPAL2xQ7fMUpFdfsB9qyon31yqu7FYv1YBJ9V9qmX-WLu3BxDNf01nW9f_VRe0UCI3TpKq4UFOix_8LiF0s7UL_VDne4Xbt-rEXhzSyuzzwzPocOcdTlYH2ioaAkzIr2NNvqMriUXQkV_DiBj5W2Gybc1u0cBQqaxWQ91Q-zHt8xGYVW5wz69qNKZnkA85Ci30DT05e6T-DnfeMpsW42KWzWVOe2gO-NNBi929Vve1359xy0jkSh6cIZaYngM-NsNP7gOjQ7C10IDpguiKYjNeim63dcCleIlYgqATmBJDfFfO78X3eJuvFmctnLyHm0cTrG1qA6XE9DKMRmtVXH-Rp93ZCG8jkncC_jseHyFmiTyvGors_zrQVerLmwfs-KCNHajPiaX_EDc580YyVbA4lZ4J-Pivq5giZsuvX_ZsN-rU5NcV4c5j2Nr2QDX6rrJQTh2aj_ZJVPle2TX7PUbfkMQsy3vSfCc2zzpH0FXTuoimFNAMMSK9aIf3rl7Ck1U7yPe_ExGxqT0dNs0xQbr-QiQ2&kw=online+storage%2Cfree+storage%2Ccloud+storage%2Ccollaboration%2Cbackup+file+sharing%2Cshare+files%2Cphoto+backup%2Cphoto+sharing%2Cftp+replacement%2Ccross+platform%2Cremote+access%2Cmobile+access%2Csend+large+files%2Crecover+files%2Cfile+versioning%2Cundelete%2Cwindows%2Cpc%2Cmac%2Cos+x%2Clinux%2Ciphone&mw=1024&mh=768&at=&res=1280x720&spt=1&kw=online+storage%2cfree+storage%2ccloud+storage%2ccollaboration%2cbackup+file+sharing%2cshare+files%2cphoto+backup%2cphoto+sharing%2cftp+replacement%2ccross+platform%2cremote+access%2cmobile+access%2csend+large+files%2crecover+files%2cfile+versioning%2cundelete%2cwindows%2cpc%2cmac%2cos+x%2clinux%2ciphone

HTTP Response

302

HTTP Request

GET https://otnolatrnup.com/hideref.engine?d=https%3a%2f%2fworeppercomming.com%2f4fabb44a-878d-4024-bdef-2de07d973f5e%3fcampaignname%3d2_OperaGX%26placementname%3d2_OperaGX_UK_Win_101%26bid%3d5.75%26totalcpv%3d0.00575%26channel%3dFile%2bHosting%2b%2526%2bSharing%26subchannel%3dFile%2bHosting%2b%2526%2bSharing%26medianame%3dOperaGX_WW_9636%26keywords%3donline+storage%2cfree+storage%2ccloud+storage%2ccollaboration%2cbackup+file+sharing%2cshare+files%2cphoto+backup%2cphoto+sharing%2cftp+replacement%2ccross+platform%2cremote+access%2cmobile+access%2csend+large+files%2crecover+files%2cfile+versioning%2cundelete%2cwindows%2cpc%2cmac%2cos+x%2clinux%2ciphone%2conline+storage%2cfree+storage%2ccloud+storage%2ccollaboration%2cbackup+file+sharing%2cshare+files%2cphoto+backup%2cphoto+sharing%2cftp+replacement%2ccross+platform%2cremote+access%2cmobile+access%2csend+large+files%2crecover+files%2cfile+versioning%2cundelete%2cwindows%2cpc%2cmac%2cos+x%2clinux%2ciphone%26sourceid%3d101%26domainid%3d1%26cpv%3d0.00575%26s2sParam%3d56fe7864-39eb-4370-85c5-a83ca0f342e2

HTTP Response

200

HTTP Request

GET https://otnolatrnup.com/hideref.engine?d=https%3A%2F%2Fworeppercomming.com%2F4fabb44a-878d-4024-bdef-2de07d973f5e%3Fcampaignname%3D2_OperaGX%26placementname%3D2_OperaGX_UK_Win_101%26bid%3D5.75%26totalcpv%3D0.00575%26channel%3DFile%2BHosting%2B%2526%2BSharing%26subchannel%3DFile%2BHosting%2B%2526%2BSharing%26medianame%3DOperaGX_WW_9636%26keywords%3Donline+storage%2Cfree+storage%2Ccloud+storage%2Ccollaboration%2Cbackup+file+sharing%2Cshare+files%2Cphoto+backup%2Cphoto+sharing%2Cftp+replacement%2Ccross+platform%2Cremote+access%2Cmobile+access%2Csend+large+files%2Crecover+files%2Cfile+versioning%2Cundelete%2Cwindows%2Cpc%2Cmac%2Cos+x%2Clinux%2Ciphone%2Conline+storage%2Cfree+storage%2Ccloud+storage%2Ccollaboration%2Cbackup+file+sharing%2Cshare+files%2Cphoto+backup%2Cphoto+sharing%2Cftp+replacement%2Ccross+platform%2Cremote+access%2Cmobile+access%2Csend+large+files%2Crecover+files%2Cfile+versioning%2Cundelete%2Cwindows%2Cpc%2Cmac%2Cos+x%2Clinux%2Ciphone%26sourceid%3D101%26domainid%3D1%26cpv%3D0.00575%26s2sParam%3D56fe7864-39eb-4370-85c5-a83ca0f342e2

HTTP Response

302
130.211.23.194:443

https://api.btloader.com/mw/state?bt_env=prod

tls, http2

msedge.exe

1.8kB
6.1kB
14
15

HTTP Request

GET https://api.btloader.com/mw/state?bt_env=prod
104.26.2.70:443

https://ad-delivery.net/px.gif?ch=1&e=0.544687824622132

tls, http2

msedge.exe

2.9kB
4.9kB
18
16

HTTP Request

GET https://ad-delivery.net/px.gif?ch=2

HTTP Request

GET https://ad-delivery.net/px.gif?ch=1&e=0.544687824622132

HTTP Response

200

HTTP Response

200
104.26.2.70:443

ad-delivery.net

tls, http2

msedge.exe

2.0kB
3.1kB
9
7
13.37.187.223:443

https://g.ezoic.net/detroitchicago/greenoaks.gif?orig=1&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwidmlzaXRfdXVpZCI6IjdlZDY0MzMzLWJiNTUtNDgwZi00ZWRiLWU5ZTZhNTRkYjc0ZSIsInBhZ2V2aWV3X2lkIjoiMDZjY2RmNDEtMjQ2Yy00YzAzLTcyMDAtZWU2NTkwYmM5NjVkIiwiZG9tYWluX2lkIjoiNDg0NDcwIiwidF9lcG9jaCI6MTcyMTQyMTQ1OCwiZGF0YSI6W3sibmFtZSI6InB2X2V2ZW50X2NvdW50IiwidmFsIjoiMiJ9LHsibmFtZSI6InRpbWVfb25fcGFnZV9ldmVudCIsInZhbCI6IjQ1In1dfV0=

tls, http2

msedge.exe

12.8kB
9.6kB
46
41

HTTP Request

POST https://g.ezoic.net/saa.go

HTTP Response

200

HTTP Request

POST https://g.ezoic.net/detroitchicago/imp.gif?ez_orig=1

HTTP Response

200

HTTP Request

POST https://g.ezoic.net/detroitchicago/greenoaks.gif?orig=1&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwidmlzaXRfdXVpZCI6IjdlZDY0MzMzLWJiNTUtNDgwZi00ZWRiLWU5ZTZhNTRkYjc0ZSIsInBhZ2V2aWV3X2lkIjoiMDZjY2RmNDEtMjQ2Yy00YzAzLTcyMDAtZWU2NTkwYmM5NjVkIiwiZG9tYWluX2lkIjoiNDg0NDcwIiwidF9lcG9jaCI6MTcyMTQyMTQ1OCwiZGF0YSI6W3sibmFtZSI6ImRldmljZV93aWR0aCIsInZhbCI6IjEyODAifSx7Im5hbWUiOiJkZXZpY2VfaGVpZ2h0IiwidmFsIjoiNzIwIn1dfSx7InR5cGUiOiJwYWdldmlldyIsInZpc2l0X3V1aWQiOiI3ZWQ2NDMzMy1iYjU1LTQ4MGYtNGVkYi1lOWU2YTU0ZGI3NGUiLCJwYWdldmlld19pZCI6IjA2Y2NkZjQxLTI0NmMtNGMwMy03MjAwLWVlNjU5MGJjOTY1ZCIsImRvbWFpbl9pZCI6IjQ4NDQ3MCIsInRfZXBvY2giOjE3MjE0MjE0NTgsImRhdGEiOlt7Im5hbWUiOiJ0X2xvY2FsX2RhdGUiLCJ2YWwiOiIyMDI0LTA3LTE5In0seyJuYW1lIjoidF9sb2NhbF9ob3VyIiwidmFsIjoiMjAifSx7Im5hbWUiOiJ0X2xvY2FsX2RheV9vZl93ZWVrIiwidmFsIjoiNSJ9LHsibmFtZSI6InRfbG9jYWxfdGltZXpvbmUiLCJ2YWwiOiIwIn1dfSx7InR5cGUiOiJwYWdldmlldyIsInZpc2l0X3V1aWQiOiI3ZWQ2NDMzMy1iYjU1LTQ4MGYtNGVkYi1lOWU2YTU0ZGI3NGUiLCJwYWdldmlld19pZCI6IjA2Y2NkZjQxLTI0NmMtNGMwMy03MjAwLWVlNjU5MGJjOTY1ZCIsImRvbWFpbl9pZCI6IjQ4NDQ3MCIsInRfZXBvY2giOjE3MjE0MjE0NTgsImRhdGEiOlt7Im5hbWUiOiJsYW5ndWFnZV90YWciLCJ2YWwiOiJlbi1VUyJ9XX0seyJ0eXBlIjoicGFnZXZpZXciLCJ2aXNpdF91dWlkIjoiN2VkNjQzMzMtYmI1NS00ODBmLTRlZGItZTllNmE1NGRiNzRlIiwicGFnZXZpZXdfaWQiOiIwNmNjZGY0MS0yNDZjLTRjMDMtNzIwMC1lZTY1OTBiYzk2NWQiLCJkb21haW5faWQiOiI0ODQ0NzAiLCJ0X2Vwb2NoIjoxNzIxNDIxNDU4LCJkYXRhIjpbeyJuYW1lIjoibGFuZ3VhZ2VfcHJpbWFyeV9zdWJ0YWciLCJ2YWwiOiJlbiJ9XX0seyJ0eXBlIjoicGFnZXZpZXciLCJ2aXNpdF91dWlkIjoiN2VkNjQzMzMtYmI1NS00ODBmLTRlZGItZTllNmE1NGRiNzRlIiwicGFnZXZpZXdfaWQiOiIwNmNjZGY0MS0yNDZjLTRjMDMtNzIwMC1lZTY1OTBiYzk2NWQiLCJkb21haW5faWQiOiI0ODQ0NzAiLCJ0X2Vwb2NoIjoxNzIxNDIxNDU4LCJkYXRhIjpbeyJuYW1lIjoiZmlkX3ZhbHVlIiwidmFsIjoiMSJ9XX1d

HTTP Response

204

HTTP Request

POST https://g.ezoic.net/detroitchicago/greenoaks.gif?orig=1&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwidmlzaXRfdXVpZCI6IjdlZDY0MzMzLWJiNTUtNDgwZi00ZWRiLWU5ZTZhNTRkYjc0ZSIsInBhZ2V2aWV3X2lkIjoiMDZjY2RmNDEtMjQ2Yy00YzAzLTcyMDAtZWU2NTkwYmM5NjVkIiwiZG9tYWluX2lkIjoiNDg0NDcwIiwidF9lcG9jaCI6MTcyMTQyMTQ1OCwiZGF0YSI6W3sibmFtZSI6Im5hdmlnYXRpb25fdHlwZSIsInZhbCI6IjAifSx7Im5hbWUiOiJyZWRpcmVjdF9jb3VudCIsInZhbCI6IjAifV19LHsidHlwZSI6InBhZ2V2aWV3IiwidmlzaXRfdXVpZCI6IjdlZDY0MzMzLWJiNTUtNDgwZi00ZWRiLWU5ZTZhNTRkYjc0ZSIsInBhZ2V2aWV3X2lkIjoiMDZjY2RmNDEtMjQ2Yy00YzAzLTcyMDAtZWU2NTkwYmM5NjVkIiwiZG9tYWluX2lkIjoiNDg0NDcwIiwidF9lcG9jaCI6MTcyMTQyMTQ1OCwiZGF0YSI6W3sibmFtZSI6InBlcmZfaXNfdHJhY2tlZCIsInZhbCI6IjEifSx7Im5hbWUiOiJwZXJmX25hdl90b19jb25uZWN0IiwidmFsIjoiOCJ9LHsibmFtZSI6InBlcmZfY29ubmVjdF90b19yZXNwX3N0YXJ0IiwidmFsIjoiNDYwIn0seyJuYW1lIjoicGVyZl9yZXNwX3RpbWUiLCJ2YWwiOiI0MTIifSx7Im5hbWUiOiJwZXJmX2ludGVyYWN0aXZlIiwidmFsIjoiMTYxIn0seyJuYW1lIjoicGVyZl9jb250ZW50bG9hZGVkIiwidmFsIjoiMTYyIn0seyJuYW1lIjoicGVyZl9jb21wbGV0ZSIsInZhbCI6IjE0NjkifV19LHsidHlwZSI6InBhZ2V2aWV3IiwidmlzaXRfdXVpZCI6IjdlZDY0MzMzLWJiNTUtNDgwZi00ZWRiLWU5ZTZhNTRkYjc0ZSIsInBhZ2V2aWV3X2lkIjoiMDZjY2RmNDEtMjQ2Yy00YzAzLTcyMDAtZWU2NTkwYmM5NjVkIiwiZG9tYWluX2lkIjoiNDg0NDcwIiwidF9lcG9jaCI6MTcyMTQyMTQ1OCwiZGF0YSI6W3sibmFtZSI6ImZpcnN0X3BhaW50IiwidmFsIjoiODg0In1dfSx7InR5cGUiOiJwYWdldmlldyIsInZpc2l0X3V1aWQiOiI3ZWQ2NDMzMy1iYjU1LTQ4MGYtNGVkYi1lOWU2YTU0ZGI3NGUiLCJwYWdldmlld19pZCI6IjA2Y2NkZjQxLTI0NmMtNGMwMy03MjAwLWVlNjU5MGJjOTY1ZCIsImRvbWFpbl9pZCI6IjQ4NDQ3MCIsInRfZXBvY2giOjE3MjE0MjE0NTgsImRhdGEiOlt7Im5hbWUiOiJmaXJzdF9jb250ZW50ZnVsX3BhaW50IiwidmFsIjoiODg0In1dfSx7InR5cGUiOiJwYWdldmlldyIsInZpc2l0X3V1aWQiOiI3ZWQ2NDMzMy1iYjU1LTQ4MGYtNGVkYi1lOWU2YTU0ZGI3NGUiLCJwYWdldmlld19pZCI6IjA2Y2NkZjQxLTI0NmMtNGMwMy03MjAwLWVlNjU5MGJjOTY1ZCIsImRvbWFpbl9pZCI6IjQ4NDQ3MCIsInRfZXBvY2giOjE3MjE0MjE0NTgsImRhdGEiOlt7Im5hbWUiOiJjb25uZWN0aW9uX2VmZmVjdGl2ZV90eXBlIiwidmFsIjoiNGcifV19XQ==

HTTP Request

POST https://g.ezoic.net/detroitchicago/greenoaks.gif?orig=1&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwidmlzaXRfdXVpZCI6IjdlZDY0MzMzLWJiNTUtNDgwZi00ZWRiLWU5ZTZhNTRkYjc0ZSIsInBhZ2V2aWV3X2lkIjoiMDZjY2RmNDEtMjQ2Yy00YzAzLTcyMDAtZWU2NTkwYmM5NjVkIiwiZG9tYWluX2lkIjoiNDg0NDcwIiwidF9lcG9jaCI6MTcyMTQyMTQ1OCwiZGF0YSI6W3sibmFtZSI6ImNvbm5lY3Rpb25fZG93bmxpbmsiLCJ2YWwiOiIxMCJ9XX0seyJ0eXBlIjoicGFnZXZpZXciLCJ2aXNpdF91dWlkIjoiN2VkNjQzMzMtYmI1NS00ODBmLTRlZGItZTllNmE1NGRiNzRlIiwicGFnZXZpZXdfaWQiOiIwNmNjZGY0MS0yNDZjLTRjMDMtNzIwMC1lZTY1OTBiYzk2NWQiLCJkb21haW5faWQiOiI0ODQ0NzAiLCJ0X2Vwb2NoIjoxNzIxNDIxNDU4LCJkYXRhIjpbeyJuYW1lIjoiY29ubmVjdGlvbl9ydHQiLCJ2YWwiOiI1MCJ9XX0seyJ0eXBlIjoicGFnZXZpZXciLCJ2aXNpdF91dWlkIjoiN2VkNjQzMzMtYmI1NS00ODBmLTRlZGItZTllNmE1NGRiNzRlIiwicGFnZXZpZXdfaWQiOiIwNmNjZGY0MS0yNDZjLTRjMDMtNzIwMC1lZTY1OTBiYzk2NWQiLCJkb21haW5faWQiOiI0ODQ0NzAiLCJ0X2Vwb2NoIjoxNzIxNDIxNDU4LCJkYXRhIjpbeyJuYW1lIjoibGNwX3ZhbHVlIiwidmFsIjoiMTg1NSJ9XX1d

HTTP Response

204

HTTP Response

204

HTTP Request

POST https://g.ezoic.net/detroitchicago/greenoaks.gif?orig=1&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwidmlzaXRfdXVpZCI6IjdlZDY0MzMzLWJiNTUtNDgwZi00ZWRiLWU5ZTZhNTRkYjc0ZSIsInBhZ2V2aWV3X2lkIjoiMDZjY2RmNDEtMjQ2Yy00YzAzLTcyMDAtZWU2NTkwYmM5NjVkIiwiZG9tYWluX2lkIjoiNDg0NDcwIiwidF9lcG9jaCI6MTcyMTQyMTQ1OCwiZGF0YSI6W3sibmFtZSI6InRfdW5sb2FkIiwidmFsIjoiMTcyMTQyMTQ2MTc1MyJ9XX1d

HTTP Response

204

HTTP Request

POST https://g.ezoic.net/detroitchicago/greenoaks.gif?orig=1&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwidmlzaXRfdXVpZCI6IjdlZDY0MzMzLWJiNTUtNDgwZi00ZWRiLWU5ZTZhNTRkYjc0ZSIsInBhZ2V2aWV3X2lkIjoiMDZjY2RmNDEtMjQ2Yy00YzAzLTcyMDAtZWU2NTkwYmM5NjVkIiwiZG9tYWluX2lkIjoiNDg0NDcwIiwidF9lcG9jaCI6MTcyMTQyMTQ1OCwiZGF0YSI6W3sibmFtZSI6ImVuZ2FnZWRfdGltZSIsInZhbCI6IjEifV19XQ==

HTTP Response

204

HTTP Request

POST https://g.ezoic.net/detroitchicago/greenoaks.gif?orig=1&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwidmlzaXRfdXVpZCI6IjdlZDY0MzMzLWJiNTUtNDgwZi00ZWRiLWU5ZTZhNTRkYjc0ZSIsInBhZ2V2aWV3X2lkIjoiMDZjY2RmNDEtMjQ2Yy00YzAzLTcyMDAtZWU2NTkwYmM5NjVkIiwiZG9tYWluX2lkIjoiNDg0NDcwIiwidF9lcG9jaCI6MTcyMTQyMTQ1OCwiZGF0YSI6W3sibmFtZSI6ImNsc192YWx1ZSIsInZhbCI6IjAifV19XQ==

HTTP Response

204

HTTP Request

POST https://g.ezoic.net/detroitchicago/greenoaks.gif?orig=1&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwidmlzaXRfdXVpZCI6IjdlZDY0MzMzLWJiNTUtNDgwZi00ZWRiLWU5ZTZhNTRkYjc0ZSIsInBhZ2V2aWV3X2lkIjoiMDZjY2RmNDEtMjQ2Yy00YzAzLTcyMDAtZWU2NTkwYmM5NjVkIiwiZG9tYWluX2lkIjoiNDg0NDcwIiwidF9lcG9jaCI6MTcyMTQyMTQ1OCwiZGF0YSI6W3sibmFtZSI6InB2X2V2ZW50X2NvdW50IiwidmFsIjoiMSJ9LHsibmFtZSI6InRpbWVfb25fcGFnZV9ldmVudCIsInZhbCI6IjMwIn1dfV0=

HTTP Response

204

HTTP Request

POST https://g.ezoic.net/detroitchicago/greenoaks.gif?orig=1&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwidmlzaXRfdXVpZCI6IjdlZDY0MzMzLWJiNTUtNDgwZi00ZWRiLWU5ZTZhNTRkYjc0ZSIsInBhZ2V2aWV3X2lkIjoiMDZjY2RmNDEtMjQ2Yy00YzAzLTcyMDAtZWU2NTkwYmM5NjVkIiwiZG9tYWluX2lkIjoiNDg0NDcwIiwidF9lcG9jaCI6MTcyMTQyMTQ1OCwiZGF0YSI6W3sibmFtZSI6InB2X2V2ZW50X2NvdW50IiwidmFsIjoiMiJ9LHsibmFtZSI6InRpbWVfb25fcGFnZV9ldmVudCIsInZhbCI6IjQ1In1dfV0=

HTTP Response

204
104.21.87.79:443

go.ezodn.com

tls

msedge.exe

897 B
2.5kB
7
5
104.21.87.79:443

https://go.ezodn.com/tardisrocinante/vitals.js?gcb=195-12&cb=4

tls, http2

msedge.exe

3.6kB
26.7kB
41
54

HTTP Request

GET https://go.ezodn.com/detroitchicago/boise.js?gcb=195-12&cb=5

HTTP Request

GET https://go.ezodn.com/parsonsmaize/abilene.js?gcb=195-12&cb=35

HTTP Request

GET https://go.ezodn.com/porpoiseant/et.js?gcb=195-12&cb=3

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://go.ezodn.com/parsonsmaize/mulvane.js?gcb=195-12&cb=10

HTTP Request

GET https://go.ezodn.com/detroitchicago/wichita.js?gcb=195-12&cb=12

HTTP Request

GET https://go.ezodn.com/detroitchicago/raleigh.js?gcb=195-12&cb=7

HTTP Request

GET https://go.ezodn.com/detroitchicago/vista.js?gcb=195-12&cb=6

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://go.ezodn.com/parsonsmaize/olathe.js?gcb=195-12&cb=25

HTTP Request

GET https://go.ezodn.com/parsonsmaize/chanute.js?a=a&cb=10&dcb=195-12&shcb=34

HTTP Request

GET https://go.ezodn.com/tardisrocinante/vitals.js?gcb=195-12&cb=4

HTTP Response

200

HTTP Response

200

HTTP Response

200
104.21.87.79:443

go.ezodn.com

tls

msedge.exe

897 B
2.5kB
7
5
172.67.73.78:443

https://www.mediafiredls.com/completed/1

tls, http2

msedge.exe

2.2kB
12.0kB
22
27

HTTP Request

GET https://www.mediafiredls.com/adsupply/0

HTTP Response

403

HTTP Request

GET https://www.mediafiredls.com/onclick/0

HTTP Response

403

HTTP Request

GET https://www.mediafiredls.com/clicked/1

HTTP Request

GET https://www.mediafiredls.com/completed/1

HTTP Response

403

HTTP Response

403
142.250.201.162:443

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

tls, http2

msedge.exe

2.6kB
41.0kB
29
44

HTTP Request

GET https://securepubads.g.doubleclick.net/tag/js/gpt.js

HTTP Request

GET https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
185.64.190.77:443

https://hbopenbid.pubmatic.com/translator?source=prebid-client

tls, http2

msedge.exe

4.1kB
5.3kB
16
16

HTTP Request

POST https://hbopenbid.pubmatic.com/translator?source=prebid-client

HTTP Response

204
34.120.63.153:443

https://prebid.media.net/rtb/prebid?cid=8CUO2689O

tls, http2

msedge.exe

5.7kB
7.2kB
18
17

HTTP Request

POST https://prebid.media.net/rtb/prebid?cid=8CUO2689O
18.195.54.126:443

btlr.sharethrough.com

tls

msedge.exe

1.1kB
6.1kB
10
11
18.195.54.126:443

btlr.sharethrough.com

tls

msedge.exe

1.1kB
6.1kB
10
11
18.195.54.126:443

btlr.sharethrough.com

tls

msedge.exe

1.1kB
6.1kB
10
11
18.195.54.126:443

https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1

tls, http2

msedge.exe

9.5kB
7.5kB
27
26

HTTP Request

POST https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1

HTTP Request

POST https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1

HTTP Request

POST https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1

HTTP Request

POST https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1

HTTP Request

POST https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1

HTTP Response

204

HTTP Response

204

HTTP Response

204

HTTP Response

204

HTTP Response

204
18.195.54.126:443

btlr.sharethrough.com

tls

msedge.exe

1.1kB
6.1kB
10
11
3.124.64.248:443

https://tlx.3lift.com/header/auction?lib=prebid&v=8.10.0&referrer=https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fvehz5gm393ydtoz%2Fnitrogen.zip&tmax=1000

tls, http2

msedge.exe

5.2kB
7.1kB
25
28

HTTP Request

POST https://tlx.3lift.com/header/auction?lib=prebid&v=8.10.0&referrer=https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fvehz5gm393ydtoz%2Fnitrogen.zip&tmax=1000

HTTP Response

200
54.194.127.62:443

https://ad.crwdcntrl.net/5/c=3722/pe=y/callback=g367CB268B1094004A3689751E7AC568F.Lotame.CallExtractionAPICallback?52378525

tls, http2

msedge.exe

2.0kB
6.9kB
18
17

HTTP Request

GET https://ad.crwdcntrl.net/5/c=3722/pe=y/callback=g367CB268B1094004A3689751E7AC568F.Lotame.CallExtractionAPICallback?52378525

HTTP Response

404
52.31.166.146:443

https://bcp.crwdcntrl.net/6/map

tls, http2

msedge.exe

2.9kB
7.6kB
19
21

HTTP Request

GET https://bcp.crwdcntrl.net/map/c=3722/tp=ADSP/tpid=1eaffeddd7fd430e99d3f317f95ae1c0

HTTP Response

404

HTTP Request

POST https://bcp.crwdcntrl.net/6/map

HTTP Response

200
18.245.143.83:443

https://tags.crwdcntrl.net/lt/c/16589/sync.min.js

tls, http2

msedge.exe

2.0kB
20.4kB
20
24

HTTP Request

GET https://tags.crwdcntrl.net/c/4545/cc_af.js

HTTP Response

403

HTTP Request

GET https://tags.crwdcntrl.net/lt/c/16589/sync.min.js

HTTP Response

200
13.37.187.223:443

https://g.ezoic.net/cmp/log.gif?dId=484470&dcId=106&version=9&buttonId=2&consentV2=CQCAL0AQCAL0AErAJJENA9EsAP_gAEPgACiQKVtV_G__bWlr8X73aftkeY1P9_h77sQxBhfJE-4FzLvW_JwXx2ExNA36tqIKmRIAu3bBIQNlHJDUTVCgaogVryDMak2coTNKJ6BkiFMRO2dYCF5vmwtj-QKY5vr993dx2B-t_dr83dzyz4VHn3a5_2a0WJCdA5-tDfv9bROb-9IOd_58v4v8_F_rE2_eT1l_tevp7D9-cts79XW-9_fff79Ln_-mB_-CkoBZhoVEAZZEhIQaBhBAgBUFYQEUCAAAAEgaICAEwYFOwMAl1hIgBACgAGCAEAAKMgAQAACQAIRABAAUCAACAQKAAMACAYCABgYAAwAWAgEAAIDoEKYEECgWACRmREKYEIQCQQEtlQgkAQIK4QhFngQQCImCgAABIAKwABAWCwOJJASsSCBLiDaAAAgAQCCACoRSdmAIIAzZaq8WTaMrSAtHzBe9pgAA.YAAAAAAAAAAA

tls, http2

msedge.exe

2.2kB
3.9kB
16
16

HTTP Request

GET https://g.ezoic.net/cmp/log.gif?dId=484470&dcId=106&version=9&buttonId=2&consentV2=CQCAL0AQCAL0AErAJJENA9EsAP_gAEPgACiQKVtV_G__bWlr8X73aftkeY1P9_h77sQxBhfJE-4FzLvW_JwXx2ExNA36tqIKmRIAu3bBIQNlHJDUTVCgaogVryDMak2coTNKJ6BkiFMRO2dYCF5vmwtj-QKY5vr993dx2B-t_dr83dzyz4VHn3a5_2a0WJCdA5-tDfv9bROb-9IOd_58v4v8_F_rE2_eT1l_tevp7D9-cts79XW-9_fff79Ln_-mB_-CkoBZhoVEAZZEhIQaBhBAgBUFYQEUCAAAAEgaICAEwYFOwMAl1hIgBACgAGCAEAAKMgAQAACQAIRABAAUCAACAQKAAMACAYCABgYAAwAWAgEAAIDoEKYEECgWACRmREKYEIQCQQEtlQgkAQIK4QhFngQQCImCgAABIAKwABAWCwOJJASsSCBLiDaAAAgAQCCACoRSdmAIIAzZaq8WTaMrSAtHzBe9pgAA.YAAAAAAAAAAA

HTTP Response

200
216.58.214.65:443

https://5926966a686f9e17c15e1d3596a8ea65.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

tls, http2

msedge.exe

2.1kB
9.7kB
18
19

HTTP Request

GET https://5926966a686f9e17c15e1d3596a8ea65.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
151.101.193.229:443

https://cdn.jsdelivr.net/gh/prebid/shared-id/pubcid.js/docs/pubcid.min.js

tls, http2

msedge.exe

1.7kB
6.7kB
13
15

HTTP Request

GET https://cdn.jsdelivr.net/gh/prebid/shared-id/pubcid.js/docs/pubcid.min.js

HTTP Response

200
178.250.1.3:443

https://static.criteo.net/js/ld/publishertag.ids.js

tls, http2

msedge.exe

2.1kB
18.5kB
22
22

HTTP Request

GET https://static.criteo.net/js/ld/publishertag.ids.js

HTTP Response

200
34.102.146.192:443

https://oa.openxcdn.net/esp.js

tls, http2

msedge.exe

2.0kB
14.7kB
21
22

HTTP Request

GET https://oa.openxcdn.net/esp.js
104.18.35.167:443

https://cdn-ima.33across.com/ob.js

tls, http2

msedge.exe

1.9kB
12.9kB
18
20

HTTP Request

GET https://cdn-ima.33across.com/ob.js

HTTP Response

200
34.96.70.87:443

https://invstatic101.creativecdn.com/encrypted-signals/encrypted-tag-g.js

tls, http2

msedge.exe

1.8kB
7.4kB
16
17

HTTP Request

GET https://invstatic101.creativecdn.com/encrypted-signals/encrypted-tag-g.js
18.245.255.11:443

https://cdn.prod.uidapi.com/uid2SecureSignal.js

tls, http

msedge.exe

1.6kB
6.8kB
11
13

HTTP Request

GET https://cdn.prod.uidapi.com/uid2SecureSignal.js

HTTP Response

200
104.22.53.86:443

https://cdn.id5-sync.com/api/1.0/esp.js

tls, http2

msedge.exe

2.9kB
35.5kB
41
45

HTTP Request

GET https://cdn.id5-sync.com/api/1.0/esp.js

HTTP Response

200
88.221.134.137:80

http://apps.identrust.com/roots/dstrootcax3.p7c

http

msedge.exe

416 B
1.6kB
6
5

HTTP Request

GET http://apps.identrust.com/roots/dstrootcax3.p7c

HTTP Response

200
34.120.135.53:443

https://oajs.openx.net/esp?url=https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fvehz5gm393ydtoz%2Fnitrogen.zip&rid=esp

tls, http2

msedge.exe

1.8kB
4.8kB
13
13

HTTP Request

GET https://oajs.openx.net/esp?url=https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fvehz5gm393ydtoz%2Fnitrogen.zip&rid=esp
216.58.214.161:443

https://tpc.googlesyndication.com/sodar/sodar2.js

tls, http2

msedge.exe

2.0kB
13.3kB
20
21

HTTP Request

GET https://tpc.googlesyndication.com/sodar/sodar2.js
162.19.138.119:443

https://id5-sync.com/api/esp/increment?counter=no-config

tls, http2

msedge.exe

1.7kB
3.4kB
13
12

HTTP Request

GET https://id5-sync.com/api/esp/increment?counter=no-config

HTTP Response

204
35.244.159.8:443

https://google-bidout-d.openx.net/w/1.0/pd?plm=5

tls, http2

msedge.exe

1.9kB
5.0kB
15
14

HTTP Request

GET https://google-bidout-d.openx.net/w/1.0/pd?plm=5
2.18.108.192:443

https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158936

tls, http2

msedge.exe

2.1kB
11.2kB
19
23

HTTP Request

GET https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158936

HTTP Response

200
95.100.244.20:443

https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUO2689O&prvid=2034%2C2033%2C2030%2C3020%2C294%2C251%2C233%2C2027%2C237%2C359%2C338%2C459%2C97%2C55%2C77%2C3012%2C3011%2C182%2C262%2C461%2C201%2C246%2C4%2C203%2C10000%2C108%2C9&itype=PREBID&purpose1=1&gdprconsent=0&gdpr=1&coppa=0&usp_status=0&usp_consent=1

tls, http2

msedge.exe

2.3kB
14.3kB
19
25

HTTP Request

GET https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUO2689O&prvid=2034%2C2033%2C2030%2C3020%2C294%2C251%2C233%2C2027%2C237%2C359%2C338%2C459%2C97%2C55%2C77%2C3012%2C3011%2C182%2C262%2C461%2C201%2C246%2C4%2C203%2C10000%2C108%2C9&itype=PREBID&purpose1=1&gdprconsent=0&gdpr=1&coppa=0&usp_status=0&usp_consent=1

HTTP Response

200
76.223.111.18:443

https://eb2.3lift.com/sync?

tls, http2

msedge.exe

1.9kB
6.7kB
15
17

HTTP Request

GET https://eb2.3lift.com/sync?

HTTP Response

200
142.250.179.65:443

cdn.ampproject.org

tls, http2

msedge.exe

2.1kB
12.8kB
12
14
142.250.179.65:443

cdn.ampproject.org

tls, http2

msedge.exe

2.1kB
12.8kB
12
14
142.250.179.65:443

https://cdn.ampproject.org/rtv/012406241625000/v0/amp-form-0.1.js

tls, http2

msedge.exe

6.8kB
140.5kB
97
110

HTTP Request

GET https://cdn.ampproject.org/rtv/012406241625000/amp4ads-v0.js

HTTP Request

GET https://cdn.ampproject.org/rtv/012406241625000/v0/amp-ad-exit-0.1.js

HTTP Request

GET https://cdn.ampproject.org/rtv/012406241625000/v0/amp-analytics-0.1.js

HTTP Request

GET https://cdn.ampproject.org/rtv/012406241625000/v0/amp-fit-text-0.1.js

HTTP Request

GET https://cdn.ampproject.org/rtv/012406241625000/v0/amp-form-0.1.js
142.250.179.65:443

cdn.ampproject.org

tls, http2

msedge.exe

2.1kB
12.8kB
12
14
142.250.179.65:443

cdn.ampproject.org

tls, http2

msedge.exe

2.1kB
12.8kB
12
14
199.91.155.12:443

https://download2271.mediafire.com/qt1saempjjygOqHSopofaNsn0RZXf4F09MSrhXMkwXol22bTUrrnOlH3QfsYy5o0SJ9728kAeTsx8aQjOfyShZB3SoWGs_zZ2hN5kLBTAWqR3HLf1BgtVPDpsdYTwyf-lrKYDoV3vqamrlls2vJAQH_GS68LXEeyp-2NkrDZ5cI/vehz5gm393ydtoz/nitrogen.zip

tls, http

msedge.exe

31.0kB
1.0MB
547
745

HTTP Request

GET https://download2271.mediafire.com/qt1saempjjygOqHSopofaNsn0RZXf4F09MSrhXMkwXol22bTUrrnOlH3QfsYy5o0SJ9728kAeTsx8aQjOfyShZB3SoWGs_zZ2hN5kLBTAWqR3HLf1BgtVPDpsdYTwyf-lrKYDoV3vqamrlls2vJAQH_GS68LXEeyp-2NkrDZ5cI/vehz5gm393ydtoz/nitrogen.zip

HTTP Response

200
199.91.155.12:443

download2271.mediafire.com

tls

msedge.exe

1.1kB
4.8kB
10
10
178.250.1.11:443

https://gum.criteo.com/sid/json?origin=publishertagids&domain=mediafire.com&sn=EdgeSyncframe&so=0&topUrl=www.mediafire.com&info=8glNAl9uNmRFc0FiMUZGUlYlMkJXMWtSanRlaGdNNE9CQkNvRmJoRndHTm0yVk1VJTJGWDQ3bjNjd1pZQ2w4R1klMkZCY0l5JTJGcUx6TUtOZ0VqT0YyOTZ3MVNYV3lINjJ3JTNEJTNE&idsd=47382644,768820261&cw=1&lsw=1

tls, http2

msedge.exe

3.4kB
10.9kB
22
18

HTTP Request

GET https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=www.mediafire.com&gdpr=1&gdpr_consent=CQCAL0AQCAL0AErAJJENA9EsAP_gAEPgACiQKVtV_G__bWlr8X73aftkeY1P9_h77sQxBhfJE-4FzLvW_JwXx2ExNA36tqIKmRIAu3bBIQNlHJDUTVCgaogVryDMak2coTNKJ6BkiFMRO2dYCF5vmwtj-QKY5vr993dx2B-t_dr83dzyz4VHn3a5_2a0WJCdA5-tDfv9bROb-9IOd_58v4v8_F_rE2_eT1l_tevp7D9-cts79XW-9_fff79Ln_-mB_-CkoBZhoVEAZZEhIQaBhBAgBUFYQEUCAAAAEgaICAEwYFOwMAl1hIgBACgAGCAEAAKMgAQAACQAIRABAAUCAACAQKAAMACAYCABgYAAwAWAgEAAIDoEKYEECgWACRmREKYEIQCQQEtlQgkAQIK4QhFngQQCImCgAABIAKwABAWCwOJJASsSCBLiDaAAAgAQCCACoRSdmAIIAzZaq8WTaMrSAtHzBe9pgAA.YAAAAAAAAAAA&gpp=&gpp_sid=-1

HTTP Response

200

HTTP Request

GET https://gum.criteo.com/sid/json?origin=publishertagids&domain=mediafire.com&sn=EdgeSyncframe&so=0&topUrl=www.mediafire.com&info=8glNAl9uNmRFc0FiMUZGUlYlMkJXMWtSanRlaGdNNE9CQkNvRmJoRndHTm0yVk1VJTJGWDQ3bjNjd1pZQ2w4R1klMkZCY0l5JTJGcUx6TUtOZ0VqT0YyOTZ3MVNYV3lINjJ3JTNEJTNE&idsd=47382644,768820261&cw=1&lsw=1

HTTP Response

200
104.16.53.110:80

otnolatrnup.com

msedge.exe

190 B
132 B
4
3
104.16.53.110:80

http://otnolatrnup.com/hideref.engine?d=https%3A%2F%2Fworeppercomming.com%2F4fabb44a-878d-4024-bdef-2de07d973f5e%3Fcampaignname%3D2_OperaGX%26placementname%3D2_OperaGX_UK_Win_101%26bid%3D5.75%26totalcpv%3D0.00575%26channel%3DFile%2BHosting%2B%2526%2BSharing%26subchannel%3DFile%2BHosting%2B%2526%2BSharing%26medianame%3DOperaGX_WW_9636%26keywords%3Donline+storage%2Cfree+storage%2Ccloud+storage%2Ccollaboration%2Cbackup+file+sharing%2Cshare+files%2Cphoto+backup%2Cphoto+sharing%2Cftp+replacement%2Ccross+platform%2Cremote+access%2Cmobile+access%2Csend+large+files%2Crecover+files%2Cfile+versioning%2Cundelete%2Cwindows%2Cpc%2Cmac%2Cos+x%2Clinux%2Ciphone%2Conline+storage%2Cfree+storage%2Ccloud+storage%2Ccollaboration%2Cbackup+file+sharing%2Cshare+files%2Cphoto+backup%2Cphoto+sharing%2Cftp+replacement%2Ccross+platform%2Cremote+access%2Cmobile+access%2Csend+large+files%2Crecover+files%2Cfile+versioning%2Cundelete%2Cwindows%2Cpc%2Cmac%2Cos+x%2Clinux%2Ciphone%26sourceid%3D101%26domainid%3D1%26cpv%3D0.00575%26s2sParam%3D56fe7864-39eb-4370-85c5-a83ca0f342e2

http

msedge.exe

1.8kB
1.6kB
7
6

HTTP Request

GET http://otnolatrnup.com/hideref.engine?d=https%3A%2F%2Fworeppercomming.com%2F4fabb44a-878d-4024-bdef-2de07d973f5e%3Fcampaignname%3D2_OperaGX%26placementname%3D2_OperaGX_UK_Win_101%26bid%3D5.75%26totalcpv%3D0.00575%26channel%3DFile%2BHosting%2B%2526%2BSharing%26subchannel%3DFile%2BHosting%2B%2526%2BSharing%26medianame%3DOperaGX_WW_9636%26keywords%3Donline+storage%2Cfree+storage%2Ccloud+storage%2Ccollaboration%2Cbackup+file+sharing%2Cshare+files%2Cphoto+backup%2Cphoto+sharing%2Cftp+replacement%2Ccross+platform%2Cremote+access%2Cmobile+access%2Csend+large+files%2Crecover+files%2Cfile+versioning%2Cundelete%2Cwindows%2Cpc%2Cmac%2Cos+x%2Clinux%2Ciphone%2Conline+storage%2Cfree+storage%2Ccloud+storage%2Ccollaboration%2Cbackup+file+sharing%2Cshare+files%2Cphoto+backup%2Cphoto+sharing%2Cftp+replacement%2Ccross+platform%2Cremote+access%2Cmobile+access%2Csend+large+files%2Crecover+files%2Cfile+versioning%2Cundelete%2Cwindows%2Cpc%2Cmac%2Cos+x%2Clinux%2Ciphone%26sourceid%3D101%26domainid%3D1%26cpv%3D0.00575%26s2sParam%3D56fe7864-39eb-4370-85c5-a83ca0f342e2

HTTP Response

302
178.250.1.11:443

https://dnacdn.net/dna

tls, http2

msedge.exe

1.9kB
5.8kB
14
14

HTTP Request

GET https://dnacdn.net/dna

HTTP Response

200

HTTP Request

GET https://dnacdn.net/dna

HTTP Response

200
185.235.86.125:443

https://ag.gbc.criteo.com/newidsd

tls, http2

msedge.exe

1.6kB
4.9kB
12
12

HTTP Request

GET https://ag.gbc.criteo.com/newidsd

HTTP Response

200
185.235.86.38:443

https://gem.gbc.criteo.com/newidsd

tls, http2

msedge.exe

1.6kB
4.9kB
12
13

HTTP Request

GET https://gem.gbc.criteo.com/newidsd

HTTP Response

200
18.165.227.106:443

https://woreppercomming.com/4fabb44a-878d-4024-bdef-2de07d973f5e?campaignname=2_OperaGX&placementname=2_OperaGX_UK_Win_101&bid=5.75&totalcpv=0.00575&channel=File%20Hosting%20&%20Sharing&subchannel=File%20Hosting%20&%20Sharing&medianame=OperaGX_WW_9636&keywords=online%20storage,free%20storage,cloud%20storage,collaboration,backup%20file%20sharing,share%20files,photo%20backup,photo%20sharing,ftp%20replacement,cross%20platform,remote%20access,mobile%20access,send%20large%20files,recover%20files,file%20versioning,undelete,windows,pc,mac,os%20x,linux,iphone,online%20storage,free%20storage,cloud%20storage,collaboration,backup%20file%20sharing,share%20files,photo%20backup,photo%20sharing,ftp%20replacement,cross%20platform,remote%20access,mobile%20access,send%20large%20files,recover%20files,file%20versioning,undelete,windows,pc,mac,os%20x,linux,iphone&sourceid=101&domainid=1&cpv=0.00575&s2sParam=56fe7864-39eb-4370-85c5-a83ca0f342e2

tls, http2

msedge.exe

2.4kB
7.6kB
13
15

HTTP Request

GET https://woreppercomming.com/4fabb44a-878d-4024-bdef-2de07d973f5e?campaignname=2_OperaGX&placementname=2_OperaGX_UK_Win_101&bid=5.75&totalcpv=0.00575&channel=File%20Hosting%20&%20Sharing&subchannel=File%20Hosting%20&%20Sharing&medianame=OperaGX_WW_9636&keywords=online%20storage,free%20storage,cloud%20storage,collaboration,backup%20file%20sharing,share%20files,photo%20backup,photo%20sharing,ftp%20replacement,cross%20platform,remote%20access,mobile%20access,send%20large%20files,recover%20files,file%20versioning,undelete,windows,pc,mac,os%20x,linux,iphone,online%20storage,free%20storage,cloud%20storage,collaboration,backup%20file%20sharing,share%20files,photo%20backup,photo%20sharing,ftp%20replacement,cross%20platform,remote%20access,mobile%20access,send%20large%20files,recover%20files,file%20versioning,undelete,windows,pc,mac,os%20x,linux,iphone&sourceid=101&domainid=1&cpv=0.00575&s2sParam=56fe7864-39eb-4370-85c5-a83ca0f342e2

HTTP Response

302
172.67.141.135:443

https://www.chancial.com/5PNNB9Z/L2WFNRF/?sub1=c25be22e-ac35-4bba-a2b8-212f01034d26&sub2=webpl02ren82icr23vjd3eg2

tls, http2

msedge.exe

1.8kB
4.7kB
13
13

HTTP Request

GET https://www.chancial.com/5PNNB9Z/L2WFNRF/?sub1=c25be22e-ac35-4bba-a2b8-212f01034d26&sub2=webpl02ren82icr23vjd3eg2

HTTP Response

302
52.59.107.139:443

https://www.opera.com/gx?utm_content=2923_c25be22e-ac35-4bba-a2b8-212f01034d26&utm_source=PWNgames&utm_medium=pa&utm_campaign=PWN_GB_XVR_WEB_2923&utm_id=32f54866229d40f3917a78bb3a53e27b&edition=std-2

tls, http2

msedge.exe

2.3kB
24.7kB
20
29

HTTP Request

GET https://www.opera.com/gx?utm_content=2923_c25be22e-ac35-4bba-a2b8-212f01034d26&utm_source=PWNgames&utm_medium=pa&utm_campaign=PWN_GB_XVR_WEB_2923&utm_id=32f54866229d40f3917a78bb3a53e27b&edition=std-2

HTTP Response

200
2.22.132.239:443

https://cdn-production-opera-website.operacdn.com/staticfiles/assets/images/sections/2023/hero-top/gx/opera__gx--hero.34d998b1b76e.webp

tls, http2

msedge.exe

7.7kB
167.1kB
116
142

HTTP Request

GET https://cdn-production-opera-website.operacdn.com/staticfiles/mainOne-320.4eb0e0b405f4.css

HTTP Request

GET https://cdn-production-opera-website.operacdn.com/staticfiles/mainOne-640.9343d3c37bce.css

HTTP Request

GET https://cdn-production-opera-website.operacdn.com/staticfiles/mainOne-768.5bc032d7f9d0.css

HTTP Request

GET https://cdn-production-opera-website.operacdn.com/staticfiles/mainOne-1024.dd5e20c6b159.css

HTTP Request

GET https://cdn-production-opera-website.operacdn.com/staticfiles/mainOne-1224.791b99cf2009.css

HTTP Request

GET https://cdn-production-opera-website.operacdn.com/staticfiles/latinext.d7788e6fd132.css

HTTP Request

GET https://cdn-production-opera-website.operacdn.com/staticfiles/mainOne.3c08a47a7925.css

HTTP Request

GET https://cdn-production-opera-website.operacdn.com/staticfiles/main.16b83e3049db.js

HTTP Request

GET https://cdn-production-opera-website.operacdn.com/staticfiles/assets/images/sections/2023/hero-top/gx/opera__gx--hero--non-opera.5a647a245a5d.webp

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://cdn-production-opera-website.operacdn.com/staticfiles/assets/images/sections/2023/hero-top/gx/opera__gx--hero.34d998b1b76e.webp

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200
2.22.132.239:443

cdn-production-opera-website.operacdn.com

tls

msedge.exe

1.1kB
4.7kB
10
10
2.22.132.239:443

cdn-production-opera-website.operacdn.com

tls

msedge.exe

1.1kB
4.7kB
10
10
2.22.132.239:443

cdn-production-opera-website.operacdn.com

tls

msedge.exe

1.1kB
4.7kB
10
10
2.22.132.239:443

cdn-production-opera-website.operacdn.com

tls

msedge.exe

1.1kB
4.7kB
10
10
2.22.132.239:443

cdn-production-opera-website.operacdn.com

tls

msedge.exe

1.1kB
4.7kB
10
10
142.250.178.142:443

https://www.googleoptimize.com/optimize.js?id=GTM-5HKZ2H4

tls, http2

msedge.exe

1.7kB
6.4kB
13
12

HTTP Request

GET https://www.googleoptimize.com/optimize.js?id=GTM-5HKZ2H4
35.190.80.1:443

https://a.nel.cloudflare.com/report/v4?s=6qzdaO3KWpn%2F%2BvG1%2FKaYahGg4dCryepT7E5%2BjwsJ6FserkMsXWKCSy%2B1vhEAqvigSKmgiyCZxgQA6lM9Gx%2FM5v%2FwwvA357JoRIRUGGU%2FvhuchKYTocfACT13ow63Fk8zzo42ZtK1

tls, http2

msedge.exe

1.9kB
4.5kB
14
12

HTTP Request

OPTIONS https://a.nel.cloudflare.com/report/v4?s=6qzdaO3KWpn%2F%2BvG1%2FKaYahGg4dCryepT7E5%2BjwsJ6FserkMsXWKCSy%2B1vhEAqvigSKmgiyCZxgQA6lM9Gx%2FM5v%2FwwvA357JoRIRUGGU%2FvhuchKYTocfACT13ow63Fk8zzo42ZtK1
150.171.28.10:443

tse1.mm.bing.net

tls, http2

1.2kB
6.9kB
15
13
150.171.28.10:443

https://tse1.mm.bing.net/th?id=OADD2.10239317301480_1GLUO11W92SWCVMG3&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

tls, http2

139.6kB
4.1MB
2959
2954

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239340418541_1R6VGP5QQCA6F4RQL&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239339388119_10QYQ7X0D3WF71UDP&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301047_1S8G2IIVJ6Z2H00N1&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239340418542_1M27CNBNVY6AXHL84&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239339388120_11G57HW9RPFMLC262&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301480_1GLUO11W92SWCVMG3&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

HTTP Response

200
150.171.28.10:443

tse1.mm.bing.net

tls, http2

1.2kB
6.9kB
15
13
150.171.28.10:443

tse1.mm.bing.net

tls, http2

1.2kB
6.9kB
15
13
150.171.28.10:443

tse1.mm.bing.net

tls, http2

1.2kB
6.9kB
15
13

8.8.8.8:53

232.168.11.51.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

232.168.11.51.in-addr.arpa
8.8.8.8:53

download1648.mediafire.com

dns

msedge.exe

72 B
88 B
1
1

DNS Request

download1648.mediafire.com

DNS Response

199.91.152.148
8.8.8.8:53

45.56.20.217.in-addr.arpa

dns

71 B
131 B
1
1

DNS Request

45.56.20.217.in-addr.arpa
8.8.8.8:53

134.32.126.40.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

134.32.126.40.in-addr.arpa
8.8.8.8:53

148.152.91.199.in-addr.arpa

dns

73 B
73 B
1
1

DNS Request

148.152.91.199.in-addr.arpa
8.8.8.8:53

233.38.18.104.in-addr.arpa

dns

72 B
134 B
1
1

DNS Request

233.38.18.104.in-addr.arpa
8.8.8.8:53

www.mediafire.com

dns

msedge.exe

63 B
95 B
1
1

DNS Request

www.mediafire.com

DNS Response

104.16.113.74

104.16.114.74
8.8.8.8:53

static.mediafire.com

dns

msedge.exe

66 B
98 B
1
1

DNS Request

static.mediafire.com

DNS Response

104.16.113.74

104.16.114.74
8.8.8.8:53

www.google.com

dns

msedge.exe

60 B
76 B
1
1

DNS Request

www.google.com

DNS Response

216.58.214.68
8.8.8.8:53

ajax.googleapis.com

dns

msedge.exe

65 B
81 B
1
1

DNS Request

ajax.googleapis.com

DNS Response

216.58.214.74
8.8.8.8:53

static.cloudflareinsights.com

dns

msedge.exe

75 B
107 B
1
1

DNS Request

static.cloudflareinsights.com

DNS Response

104.16.79.73

104.16.80.73
8.8.8.8:53

cdn.amplitude.com

dns

msedge.exe

63 B
127 B
1
1

DNS Request

cdn.amplitude.com

DNS Response

18.154.84.20

18.154.84.124

18.154.84.60

18.154.84.84
8.8.8.8:53

translate.google.com

dns

msedge.exe

66 B
103 B
1
1

DNS Request

translate.google.com

DNS Response

142.250.178.142
8.8.8.8:53

74.113.16.104.in-addr.arpa

dns

72 B
134 B
1
1

DNS Request

74.113.16.104.in-addr.arpa
8.8.8.8:53

68.214.58.216.in-addr.arpa

dns

72 B
169 B
1
1

DNS Request

68.214.58.216.in-addr.arpa
8.8.8.8:53

234.75.250.142.in-addr.arpa

dns

73 B
112 B
1
1

DNS Request

234.75.250.142.in-addr.arpa
8.8.8.8:53

74.214.58.216.in-addr.arpa

dns

72 B
171 B
1
1

DNS Request

74.214.58.216.in-addr.arpa
8.8.8.8:53

163.214.58.216.in-addr.arpa

dns

73 B
171 B
1
1

DNS Request

163.214.58.216.in-addr.arpa
8.8.8.8:53

73.79.16.104.in-addr.arpa

dns

71 B
133 B
1
1

DNS Request

73.79.16.104.in-addr.arpa
8.8.8.8:53

136.178.250.142.in-addr.arpa

dns

74 B
112 B
1
1

DNS Request

136.178.250.142.in-addr.arpa
8.8.8.8:53

api.amplitude.com

dns

msedge.exe

63 B
191 B
1
1

DNS Request

api.amplitude.com

DNS Response

35.166.106.30

34.215.149.32

35.83.131.199

35.155.21.58

34.211.242.119

52.13.224.146

54.213.39.112

54.186.49.188
8.8.8.8:53

translate.googleapis.com

dns

msedge.exe

70 B
86 B
1
1

DNS Request

translate.googleapis.com

DNS Response

142.250.178.138
8.8.8.8:53

67.179.250.142.in-addr.arpa

dns

73 B
111 B
1
1

DNS Request

67.179.250.142.in-addr.arpa
8.8.8.8:53

20.84.154.18.in-addr.arpa

dns

71 B
126 B
1
1

DNS Request

20.84.154.18.in-addr.arpa
8.8.8.8:53

142.178.250.142.in-addr.arpa

dns

74 B
113 B
1
1

DNS Request

142.178.250.142.in-addr.arpa
8.8.8.8:53

6.39.156.108.in-addr.arpa

dns

71 B
127 B
1
1

DNS Request

6.39.156.108.in-addr.arpa
8.8.8.8:53

110.179.250.142.in-addr.arpa

dns

74 B
113 B
1
1

DNS Request

110.179.250.142.in-addr.arpa
8.8.8.8:53

138.178.250.142.in-addr.arpa

dns

74 B
113 B
1
1

DNS Request

138.178.250.142.in-addr.arpa
8.8.8.8:53

g.bing.com

dns

56 B
151 B
1
1

DNS Request

g.bing.com

DNS Response

204.79.197.237

13.107.21.237
8.8.8.8:53

region1.analytics.google.com

dns

msedge.exe

74 B
106 B
1
1

DNS Request

region1.analytics.google.com

DNS Response

216.239.34.36

216.239.32.36
8.8.8.8:53

stats.g.doubleclick.net

dns

msedge.exe

69 B
133 B
1
1

DNS Request

stats.g.doubleclick.net

DNS Response

74.125.71.156

74.125.71.157

74.125.71.155

74.125.71.154
8.8.8.8:53

www.google.co.uk

dns

msedge.exe

62 B
78 B
1
1

DNS Request

www.google.co.uk

DNS Response

172.217.20.163
8.8.8.8:53

translate-pa.googleapis.com

dns

msedge.exe

73 B
265 B
1
1

DNS Request

translate-pa.googleapis.com

DNS Response

142.250.179.106

142.250.179.74

142.250.178.138

216.58.214.170

172.217.20.170

216.58.215.42

142.250.201.170

216.58.214.74

142.250.74.234

172.217.20.202

142.250.75.234

216.58.213.74
8.8.8.8:53

36.34.239.216.in-addr.arpa

dns

72 B
132 B
1
1

DNS Request

36.34.239.216.in-addr.arpa
8.8.8.8:53

30.106.166.35.in-addr.arpa

dns

72 B
135 B
1
1

DNS Request

30.106.166.35.in-addr.arpa
8.8.8.8:53

163.20.217.172.in-addr.arpa

dns

73 B
171 B
1
1

DNS Request

163.20.217.172.in-addr.arpa
8.8.8.8:53

156.71.125.74.in-addr.arpa

dns

72 B
106 B
1
1

DNS Request

156.71.125.74.in-addr.arpa
8.8.8.8:53

237.197.79.204.in-addr.arpa

dns

73 B
143 B
1
1

DNS Request

237.197.79.204.in-addr.arpa
8.8.8.8:53

88.156.103.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

88.156.103.20.in-addr.arpa
224.0.0.251:5353

397 B
6
216.239.34.36:443

region1.analytics.google.com

https

msedge.exe

5.9kB
7.5kB
16
18
142.250.178.138:443

translate-pa.googleapis.com

https

msedge.exe

7.6kB
9.9kB
16
18
8.8.8.8:53

the.gatekeeperconsent.com

dns

msedge.exe

71 B
103 B
1
1

DNS Request

the.gatekeeperconsent.com

DNS Response

104.21.42.32

172.67.199.186
8.8.8.8:53

btloader.com

dns

msedge.exe

58 B
106 B
1
1

DNS Request

btloader.com

DNS Response

172.67.41.60

104.22.74.216

104.22.75.216
8.8.8.8:53

www.ezojs.com

dns

msedge.exe

59 B
137 B
1
1

DNS Request

www.ezojs.com

DNS Response

104.21.63.106

172.67.170.144
8.8.8.8:53

privacy.gatekeeperconsent.com

dns

msedge.exe

75 B
107 B
1
1

DNS Request

privacy.gatekeeperconsent.com

DNS Response

172.67.199.186

104.21.42.32
142.250.178.142:443

translate.google.com

https

msedge.exe

6.5kB
107.2kB
49
87
8.8.8.8:53

cdn.otnolatrnup.com

dns

msedge.exe

65 B
97 B
1
1

DNS Request

cdn.otnolatrnup.com

DNS Response

104.16.52.110

104.16.53.110
8.8.8.8:53

ad-delivery.net

dns

msedge.exe

61 B
109 B
1
1

DNS Request

ad-delivery.net

DNS Response

104.26.2.70

104.26.3.70

172.67.69.19
8.8.8.8:53

api.btloader.com

dns

msedge.exe

62 B
78 B
1
1

DNS Request

api.btloader.com

DNS Response

130.211.23.194
8.8.8.8:53

g.ezoic.net

dns

msedge.exe

57 B
73 B
1
1

DNS Request

g.ezoic.net

DNS Response

13.37.187.223
8.8.8.8:53

go.ezodn.com

dns

msedge.exe

58 B
90 B
1
1

DNS Request

go.ezodn.com

DNS Response

104.21.87.79

172.67.142.121
130.211.23.194:443

api.btloader.com

https

msedge.exe

2.8kB
5.6kB
12
12
8.8.8.8:53

www.mediafiredls.com

dns

msedge.exe

66 B
114 B
1
1

DNS Request

www.mediafiredls.com

DNS Response

172.67.73.78

104.26.3.173

104.26.2.173
8.8.8.8:53

securepubads.g.doubleclick.net

dns

msedge.exe

76 B
92 B
1
1

DNS Request

securepubads.g.doubleclick.net

DNS Response

142.250.201.162
8.8.8.8:53

otnolatrnup.com

dns

msedge.exe

61 B
93 B
1
1

DNS Request

otnolatrnup.com

DNS Response

104.16.53.110

104.16.52.110
8.8.8.8:53

hbopenbid.pubmatic.com

dns

msedge.exe

68 B
147 B
1
1

DNS Request

hbopenbid.pubmatic.com

DNS Response

185.64.190.77
8.8.8.8:53

btlr.sharethrough.com

dns

msedge.exe

67 B
227 B
1
1

DNS Request

btlr.sharethrough.com

DNS Response

18.195.54.126

18.193.239.88

52.57.231.117

35.156.158.3

3.122.81.92

3.70.34.151

54.93.131.27

52.57.23.171
8.8.8.8:53

tlx.3lift.com

dns

msedge.exe

59 B
128 B
1
1

DNS Request

tlx.3lift.com

DNS Response

3.124.64.248

18.157.230.4

3.78.168.176
8.8.8.8:53

prebid.media.net

dns

msedge.exe

62 B
78 B
1
1

DNS Request

prebid.media.net

DNS Response

34.120.63.153
8.8.8.8:53

tags.crwdcntrl.net

dns

msedge.exe

64 B
128 B
1
1

DNS Request

tags.crwdcntrl.net

DNS Response

18.245.143.83

18.245.143.100

18.245.143.118

18.245.143.58
8.8.8.8:53

ad.crwdcntrl.net

dns

msedge.exe

62 B
190 B
1
1

DNS Request

ad.crwdcntrl.net

DNS Response

54.194.127.62

52.30.227.82

52.214.212.45

99.80.240.203

54.217.140.248

54.77.210.40

54.195.184.161

52.31.166.146
8.8.8.8:53

bcp.crwdcntrl.net

dns

msedge.exe

63 B
191 B
1
1

DNS Request

bcp.crwdcntrl.net

DNS Response

52.31.166.146

54.217.140.248

54.195.184.161

54.194.127.62

99.80.240.203

54.77.210.40

52.30.227.82

18.202.12.177
142.250.201.162:443

securepubads.g.doubleclick.net

https

msedge.exe

20.8kB
251.8kB
103
219
8.8.8.8:53

32.42.21.104.in-addr.arpa

dns

71 B
133 B
1
1

DNS Request

32.42.21.104.in-addr.arpa
8.8.8.8:53

60.41.67.172.in-addr.arpa

dns

71 B
133 B
1
1

DNS Request

60.41.67.172.in-addr.arpa
8.8.8.8:53

106.63.21.104.in-addr.arpa

dns

72 B
134 B
1
1

DNS Request

106.63.21.104.in-addr.arpa
8.8.8.8:53

186.199.67.172.in-addr.arpa

dns

73 B
135 B
1
1

DNS Request

186.199.67.172.in-addr.arpa
8.8.8.8:53

110.52.16.104.in-addr.arpa

dns

72 B
134 B
1
1

DNS Request

110.52.16.104.in-addr.arpa
8.8.8.8:53

194.23.211.130.in-addr.arpa

dns

73 B
126 B
1
1

DNS Request

194.23.211.130.in-addr.arpa
8.8.8.8:53

70.179.250.142.in-addr.arpa

dns

73 B
111 B
1
1

DNS Request

70.179.250.142.in-addr.arpa
8.8.8.8:53

70.2.26.104.in-addr.arpa

dns

70 B
132 B
1
1

DNS Request

70.2.26.104.in-addr.arpa
8.8.8.8:53

223.187.37.13.in-addr.arpa

dns

72 B
135 B
1
1

DNS Request

223.187.37.13.in-addr.arpa
8.8.8.8:53

78.73.67.172.in-addr.arpa

dns

71 B
133 B
1
1

DNS Request

78.73.67.172.in-addr.arpa
8.8.8.8:53

162.201.250.142.in-addr.arpa

dns

74 B
112 B
1
1

DNS Request

162.201.250.142.in-addr.arpa
8.8.8.8:53

79.87.21.104.in-addr.arpa

dns

71 B
133 B
1
1

DNS Request

79.87.21.104.in-addr.arpa
8.8.8.8:53

77.190.64.185.in-addr.arpa

dns

72 B
132 B
1
1

DNS Request

77.190.64.185.in-addr.arpa
8.8.8.8:53

153.63.120.34.in-addr.arpa

dns

72 B
124 B
1
1

DNS Request

153.63.120.34.in-addr.arpa
8.8.8.8:53

126.54.195.18.in-addr.arpa

dns

72 B
138 B
1
1

DNS Request

126.54.195.18.in-addr.arpa
8.8.8.8:53

248.64.124.3.in-addr.arpa

dns

71 B
136 B
1
1

DNS Request

248.64.124.3.in-addr.arpa
8.8.8.8:53

fundingchoicesmessages.google.com

dns

msedge.exe

158 B
232 B
2
2

DNS Request

fundingchoicesmessages.google.com

DNS Request

fundingchoicesmessages.google.com

DNS Response

142.250.178.142

DNS Response

142.250.178.142
8.8.8.8:53

83.143.245.18.in-addr.arpa

dns

72 B
128 B
1
1

DNS Request

83.143.245.18.in-addr.arpa
8.8.8.8:53

62.127.194.54.in-addr.arpa

dns

72 B
135 B
1
1

DNS Request

62.127.194.54.in-addr.arpa
8.8.8.8:53

146.166.31.52.in-addr.arpa

dns

72 B
135 B
1
1

DNS Request

146.166.31.52.in-addr.arpa
8.8.8.8:53

5926966a686f9e17c15e1d3596a8ea65.safeframe.googlesyndication.com

dns

msedge.exe

110 B
169 B
1
1

DNS Request

5926966a686f9e17c15e1d3596a8ea65.safeframe.googlesyndication.com

DNS Response

216.58.214.65
8.8.8.8:53

cdn.jsdelivr.net

dns

msedge.exe

62 B
160 B
1
1

DNS Request

cdn.jsdelivr.net

DNS Response

151.101.193.229

151.101.1.229

151.101.129.229

151.101.65.229
8.8.8.8:53

cdn.prod.uidapi.com

dns

msedge.exe

65 B
124 B
1
1

DNS Request

cdn.prod.uidapi.com

DNS Response

18.245.255.11
8.8.8.8:53

static.criteo.net

dns

msedge.exe

63 B
113 B
1
1

DNS Request

static.criteo.net

DNS Response

178.250.1.3
8.8.8.8:53

oa.openxcdn.net

dns

msedge.exe

61 B
77 B
1
1

DNS Request

oa.openxcdn.net

DNS Response

34.102.146.192
8.8.8.8:53

cdn.id5-sync.com

dns

msedge.exe

62 B
110 B
1
1

DNS Request

cdn.id5-sync.com

DNS Response

104.22.53.86

104.22.52.86

172.67.38.106
8.8.8.8:53

cdn-ima.33across.com

dns

msedge.exe

66 B
151 B
1
1

DNS Request

cdn-ima.33across.com

DNS Response

104.18.35.167

172.64.152.89
8.8.8.8:53

invstatic101.creativecdn.com

dns

msedge.exe

74 B
90 B
1
1

DNS Request

invstatic101.creativecdn.com

DNS Response

34.96.70.87
8.8.8.8:53

apps.identrust.com

dns

msedge.exe

64 B
165 B
1
1

DNS Request

apps.identrust.com

DNS Response

88.221.134.137

88.221.135.104
8.8.8.8:53

oajs.openx.net

dns

msedge.exe

60 B
92 B
1
1

DNS Request

oajs.openx.net

DNS Response

34.120.135.53

34.120.107.143
8.8.8.8:53

tpc.googlesyndication.com

dns

msedge.exe

71 B
87 B
1
1

DNS Request

tpc.googlesyndication.com

DNS Response

216.58.214.161
8.8.8.8:53

id5-sync.com

dns

msedge.exe

58 B
218 B
1
1

DNS Request

id5-sync.com

DNS Response

162.19.138.119

162.19.138.82

162.19.138.117

141.95.98.64

162.19.138.116

162.19.138.120

162.19.138.118

141.95.98.65

141.95.33.120

162.19.138.83
34.120.135.53:443

oajs.openx.net

https

msedge.exe

2.3kB
4.1kB
7
8
216.58.214.161:443

tpc.googlesyndication.com

https

msedge.exe

11.0kB
114.5kB
92
124
216.58.214.68:443

www.google.com

https

msedge.exe

3.9kB
8.6kB
11
13
8.8.8.8:53

13.86.106.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

13.86.106.20.in-addr.arpa
8.8.8.8:53

65.214.58.216.in-addr.arpa

dns

72 B
169 B
1
1

DNS Request

65.214.58.216.in-addr.arpa
8.8.8.8:53

229.193.101.151.in-addr.arpa

dns

74 B
134 B
1
1

DNS Request

229.193.101.151.in-addr.arpa
8.8.8.8:53

167.35.18.104.in-addr.arpa

dns

72 B
134 B
1
1

DNS Request

167.35.18.104.in-addr.arpa
8.8.8.8:53

87.70.96.34.in-addr.arpa

dns

70 B
120 B
1
1

DNS Request

87.70.96.34.in-addr.arpa
8.8.8.8:53

192.146.102.34.in-addr.arpa

dns

73 B
126 B
1
1

DNS Request

192.146.102.34.in-addr.arpa
8.8.8.8:53

130.178.250.142.in-addr.arpa

dns

74 B
112 B
1
1

DNS Request

130.178.250.142.in-addr.arpa
8.8.8.8:53

11.255.245.18.in-addr.arpa

dns

72 B
128 B
1
1

DNS Request

11.255.245.18.in-addr.arpa
8.8.8.8:53

3.1.250.178.in-addr.arpa

dns

70 B
124 B
1
1

DNS Request

3.1.250.178.in-addr.arpa
8.8.8.8:53

86.53.22.104.in-addr.arpa

dns

71 B
133 B
1
1

DNS Request

86.53.22.104.in-addr.arpa
8.8.8.8:53

226.21.18.104.in-addr.arpa

dns

72 B
134 B
1
1

DNS Request

226.21.18.104.in-addr.arpa
8.8.8.8:53

137.134.221.88.in-addr.arpa

dns

73 B
139 B
1
1

DNS Request

137.134.221.88.in-addr.arpa
8.8.8.8:53

53.135.120.34.in-addr.arpa

dns

72 B
124 B
1
1

DNS Request

53.135.120.34.in-addr.arpa
8.8.8.8:53

161.214.58.216.in-addr.arpa

dns

73 B
171 B
1
1

DNS Request

161.214.58.216.in-addr.arpa
8.8.8.8:53

119.138.19.162.in-addr.arpa

dns

73 B
114 B
1
1

DNS Request

119.138.19.162.in-addr.arpa
8.8.8.8:53

google-bidout-d.openx.net

dns

msedge.exe

71 B
103 B
1
1

DNS Request

google-bidout-d.openx.net

DNS Response

35.244.159.8

34.98.64.218
8.8.8.8:53

ads.pubmatic.com

dns

msedge.exe

62 B
145 B
1
1

DNS Request

ads.pubmatic.com

DNS Response

2.18.108.192
8.8.8.8:53

contextual.media.net

dns

msedge.exe

66 B
82 B
1
1

DNS Request

contextual.media.net

DNS Response

95.100.244.20
8.8.8.8:53

eb2.3lift.com

dns

msedge.exe

118 B
224 B
2
2

DNS Request

eb2.3lift.com

DNS Response

76.223.111.18

13.248.245.213

DNS Request

eb2.3lift.com

DNS Response

76.223.111.18

13.248.245.213
8.8.8.8:53

cdn.ampproject.org

dns

msedge.exe

64 B
106 B
1
1

DNS Request

cdn.ampproject.org

DNS Response

142.250.179.65
142.250.179.65:443

cdn.ampproject.org

https

msedge.exe

6.9kB
135.7kB
58
108
216.58.214.161:443

tpc.googlesyndication.com

https

msedge.exe

3.1kB
6.5kB
5
7
8.8.8.8:53

download2271.mediafire.com

dns

msedge.exe

72 B
88 B
1
1

DNS Request

download2271.mediafire.com

DNS Response

199.91.155.12
8.8.8.8:53

8.159.244.35.in-addr.arpa

dns

71 B
122 B
1
1

DNS Request

8.159.244.35.in-addr.arpa
8.8.8.8:53

192.108.18.2.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

192.108.18.2.in-addr.arpa
8.8.8.8:53

20.244.100.95.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

20.244.100.95.in-addr.arpa
8.8.8.8:53

18.111.223.76.in-addr.arpa

dns

72 B
128 B
1
1

DNS Request

18.111.223.76.in-addr.arpa
8.8.8.8:53

65.179.250.142.in-addr.arpa

dns

73 B
111 B
1
1

DNS Request

65.179.250.142.in-addr.arpa
8.8.8.8:53

gum.criteo.com

dns

msedge.exe

60 B
107 B
1
1

DNS Request

gum.criteo.com

DNS Response

178.250.1.11
216.58.214.68:443

www.google.com

https

msedge.exe

2.6kB
7.9kB
12
16
8.8.8.8:53

ag.gbc.criteo.com

dns

msedge.exe

126 B
1.1kB
2
2

DNS Request

ag.gbc.criteo.com

DNS Response

185.235.86.125

185.235.86.137

185.235.86.124

185.235.86.133

185.235.86.130

185.235.86.118

185.235.86.127

185.235.86.122

185.235.86.113

185.235.86.135

185.235.86.131

185.235.86.134

185.235.86.114

185.235.86.117

185.235.86.120

185.235.86.138

185.235.86.139

185.235.86.119

185.235.86.132

185.235.86.121

185.235.86.129

185.235.86.115

185.235.86.136

185.235.86.123

185.235.86.126

185.235.86.128

185.235.86.116

185.235.86.112

DNS Request

ag.gbc.criteo.com

DNS Response

185.235.86.131

185.235.86.125

185.235.86.124

185.235.86.128

185.235.86.120

185.235.86.136

185.235.86.132

185.235.86.134

185.235.86.135

185.235.86.116

185.235.86.139

185.235.86.115

185.235.86.129

185.235.86.121

185.235.86.112

185.235.86.137

185.235.86.119

185.235.86.114

185.235.86.133

185.235.86.126

185.235.86.117

185.235.86.130

185.235.86.113

185.235.86.127

185.235.86.118

185.235.86.122

185.235.86.138

185.235.86.123
8.8.8.8:53

dnacdn.net

dns

msedge.exe

56 B
72 B
1
1

DNS Request

dnacdn.net

DNS Response

178.250.1.11
8.8.8.8:53

googleads.g.doubleclick.net

dns

msedge.exe

73 B
89 B
1
1

DNS Request

googleads.g.doubleclick.net

DNS Response

142.250.201.162
8.8.8.8:53

gem.gbc.criteo.com

dns

msedge.exe

128 B
538 B
2
1

DNS Request

gem.gbc.criteo.com

DNS Request

gem.gbc.criteo.com

DNS Response

185.235.86.38

185.235.86.41

185.235.86.33

185.235.86.52

185.235.86.48

185.235.86.40

185.235.86.49

185.235.86.44

185.235.86.37

185.235.86.47

185.235.86.42

185.235.86.32

185.235.86.39

185.235.86.29

185.235.86.43

185.235.86.35

185.235.86.36

185.235.86.31

185.235.86.46

185.235.86.54

185.235.86.30

185.235.86.50

185.235.86.53

185.235.86.51

185.235.86.45

185.235.86.28

185.235.86.55

185.235.86.34
8.8.8.8:53

12.155.91.199.in-addr.arpa

dns

144 B
144 B
2
2

DNS Request

12.155.91.199.in-addr.arpa

DNS Request

12.155.91.199.in-addr.arpa
8.8.8.8:53

11.1.250.178.in-addr.arpa

dns

142 B
250 B
2
2

DNS Request

11.1.250.178.in-addr.arpa

DNS Request

11.1.250.178.in-addr.arpa
8.8.8.8:53

226.75.250.142.in-addr.arpa

dns

146 B
222 B
2
2

DNS Request

226.75.250.142.in-addr.arpa

DNS Request

226.75.250.142.in-addr.arpa
8.8.8.8:53

woreppercomming.com

dns

msedge.exe

130 B
258 B
2
2

DNS Request

woreppercomming.com

DNS Request

woreppercomming.com

DNS Response

18.165.227.106

18.165.227.64

18.165.227.80

18.165.227.8

DNS Response

18.165.227.80

18.165.227.8

18.165.227.106

18.165.227.64
8.8.8.8:53

www.chancial.com

dns

msedge.exe

62 B
94 B
1
1

DNS Request

www.chancial.com

DNS Response

172.67.141.135

104.21.79.34
8.8.8.8:53

www.opera.com

dns

msedge.exe

59 B
148 B
1
1

DNS Request

www.opera.com

DNS Response

52.59.107.139

3.124.180.7
8.8.8.8:53

110.53.16.104.in-addr.arpa

dns

72 B
134 B
1
1

DNS Request

110.53.16.104.in-addr.arpa
8.8.8.8:53

38.86.235.185.in-addr.arpa

dns

72 B
126 B
1
1

DNS Request

38.86.235.185.in-addr.arpa
8.8.8.8:53

125.86.235.185.in-addr.arpa

dns

73 B
127 B
1
1

DNS Request

125.86.235.185.in-addr.arpa
8.8.8.8:53

106.227.165.18.in-addr.arpa

dns

73 B
131 B
1
1

DNS Request

106.227.165.18.in-addr.arpa
8.8.8.8:53

241.150.49.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

241.150.49.20.in-addr.arpa
8.8.8.8:53

135.141.67.172.in-addr.arpa

dns

73 B
135 B
1
1

DNS Request

135.141.67.172.in-addr.arpa
8.8.8.8:53

139.107.59.52.in-addr.arpa

dns

72 B
138 B
1
1

DNS Request

139.107.59.52.in-addr.arpa
8.8.8.8:53

cdn-production-opera-website.operacdn.com

dns

msedge.exe

87 B
207 B
1
1

DNS Request

cdn-production-opera-website.operacdn.com

DNS Response

2.22.132.239
8.8.8.8:53

www.googleoptimize.com

dns

msedge.exe

68 B
84 B
1
1

DNS Request

www.googleoptimize.com

DNS Response

142.250.178.142
8.8.8.8:53

239.132.22.2.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

239.132.22.2.in-addr.arpa
8.8.8.8:53

50.23.12.20.in-addr.arpa

dns

70 B
156 B
1
1

DNS Request

50.23.12.20.in-addr.arpa
8.8.8.8:53

171.39.242.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

171.39.242.20.in-addr.arpa
8.8.8.8:53

22.58.20.217.in-addr.arpa

dns

71 B
131 B
1
1

DNS Request

22.58.20.217.in-addr.arpa
8.8.8.8:53

172.210.232.199.in-addr.arpa

dns

74 B
128 B
1
1

DNS Request

172.210.232.199.in-addr.arpa
8.8.8.8:53

a.nel.cloudflare.com

dns

msedge.exe

132 B
82 B
2
1

DNS Request

a.nel.cloudflare.com

DNS Request

a.nel.cloudflare.com

DNS Response

35.190.80.1
35.190.80.1:443

a.nel.cloudflare.com

https

msedge.exe

9.0kB
5.6kB
14
10
8.8.8.8:53

1.80.190.35.in-addr.arpa

dns

140 B
120 B
2
1

DNS Request

1.80.190.35.in-addr.arpa

DNS Request

1.80.190.35.in-addr.arpa
8.8.8.8:53

tse1.mm.bing.net

dns

62 B
170 B
1
1

DNS Request

tse1.mm.bing.net

DNS Response

150.171.28.10

150.171.27.10
8.8.8.8:53

23.236.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

23.236.111.52.in-addr.arpa
8.8.8.8:53

10.28.171.150.in-addr.arpa

dns

144 B
316 B
2
2

DNS Request

10.28.171.150.in-addr.arpa

DNS Request

10.28.171.150.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1f9d180c0bcf71b48e7bc8302f85c28f

SHA1
ade94a8e51c446383dc0a45edf5aad5fa20edf3c

SHA256
a17d56c41d524453a78e3f06e0d0b0081e79d090a4b75d0b693ddbc39f6f7fdc

SHA512
282863df0e51288049587886ed37ad1cf5b6bfeed86454ea3b9f2bb7f0a1c591f3540c62712ebfcd6f1095e1977446dd5b13b904bb52b6d5c910a1efc208c785

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
60ead4145eb78b972baf6c6270ae6d72

SHA1
e71f4507bea5b518d9ee9fb2d523c5a11adea842

SHA256
b9e99e7387a915275e8fe4ac0b0c0cd330b4632814d5c9c446beb2755f1309a7

SHA512
8cdbafd2783048f5f54f22e13f6ef890936d5b986b0bb3fa86d2420a5bfecf7bedc56f46e6d5f126eae79f492315843c134c441084b912296e269f384a73ccde

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

Filesize
20KB

MD5
4a2961dddc7ca6732df1c0646aad5129

SHA1
ff0b7265d2bef3824709ee3000621aca2d2c8724

SHA256
58a974546a65196f726ac5dbc25f1048991e8347bd53e7449102048a5a0dd597

SHA512
82c889adccb748ea06ced5db14b7f3f94b980215d350d7cf5463ad05de53b0421e0bc7fe6d0d3897480b2cbd6f34e0126814f166adb59b7f0a1c9cf960e8a2d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
314dbad9581443a140bda10191e3445a

SHA1
3ee63e8b311d12f3a1df560b99f3a1cbfdb4816e

SHA256
6799988933376a785d3a9b6fe695746a2706a8ed2684063aed8bea0a72c287d3

SHA512
ff17030bde47d1d6edf0d860dc00f46b0784065cf57f6abe9bd9a13fa7121abe5742b09d21cb4621127724b014eae245d3a0881152679af9ce86ab5297f9ebb4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
8KB

MD5
51de5b2d6707b2f9fc120bfacd6138a8

SHA1
9e4b1d0b4f8791946cb525bbfb4359322dcec090

SHA256
78118bc8ac03007d5a10046a603e8cff91a150a4667fe75c378cf2b181bdf38b

SHA512
4917b03b2d891001484e758cb53636d0863165fb8bdb785e11ba9c3828dafedf7025b22ff52eed7435bb05d328ff7b2f8c196a0ece8e1ca143a5423dde8f21f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9aa63681decac9ccda7803dc4b41876f

SHA1
3f27ef3911e2553965230f87c0e29393b0f16ae5

SHA256
bedac2c5e8e96d1c46401c1dd82fdb4042ed47a6059fb4631a53d9eb2ebbe26d

SHA512
dac1b542ab3fdf726c7b7d1eec9118512f2195cb90fe5656159b1e783466151bfc3a40b619d1abb51678cbf16006037e78251d7470dd03b8e6d160d1e019bc60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9d7e74d74dab641d45ed24d438340943

SHA1
3c7bb5e59c070527ba010dc5104574fab4627657

SHA256
2f8e8c1803b97e100089f65fae2e5d36f53f2d0c033a43279a92d4aba4834b2a

SHA512
18dc935c1bb0ea2e5a9fda027a948af450cf316a13fd3c9f97e2e952a8a4cc2bc4c8110a09ff61ea63502dc529660cf2f190707d425abbb896a0984c6e41e4fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
8cb48e46d983a23fb2d88c15339c1905

SHA1
3465f7aadb72622e178f278b880d50df0bb1eb11

SHA256
bb5d6b3a9cb533d66078d8f3f646dfbc44b89b5ee0ae8c68e9b765962336ebcd

SHA512
61742d00c21b195997c1d2f8e28d2c656e0a374c727b6f92b2d065dc3a6c5252fadaf40042e2a942dc43794fded0814052b116282830ae17d25b0a67245f71f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
3855e39a7e947d7ef61dd1e34f60a2e5

SHA1
365bc3e840e40b1b7589081ceff7e866cacefef7

SHA256
fd06247ac1be15f6363e169cd60a65b297e6b464bead063ba8ac5f6aca143e91

SHA512
bec33ffbd5cd84b766685f14c5b19675bf2f9288d716766c3a7acd03c47d8e363e3d24e63871a7bee26a31ced0f3bb255e7bde00116f6d594b126cb6f10c63bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
fcf3724eba4ef078a0bbbe656e575543

SHA1
f80e014f7b716451a9cbc3d48b90a31c1cc04637

SHA256
65edc7966556d20035dfd77384d3aa873647a62bc01f50769c62b7ef82db4f61

SHA512
4cef292238c89195289738bd8b3335cadbb48422c472cf309b5d67325f97391b6c3258717c9a0f71a91759f2d33356d1ef685fbdf91270e2ea18bdcd79e94049

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580635.TMP

Filesize
702B

MD5
80d8f66407f4d839e64a4a1d63cea822

SHA1
b9dc18b3b660f977bb3ee85fd5626e398b58e9ed

SHA256
51af4d9e26635f3f4416e139f5cec179c44789ae532de55ed3b4769dacc710c9

SHA512
954d78d60460e9178eaf4c7b99ff511073ae94339ab779ac0bcd879ec73808fe1f70357ff0f29e42c545d4a15c1fef3dd42763c78d640b93bec7ef1b46ce32da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
94481376c028007646b5f2b78c4d7c2b

SHA1
a24cd25edb70a113fb19dff784bcc76043c6e36a

SHA256
ee8a9bfa9429a22848cecb5727771bf9067220fb402ce46fd9763695a96492c3

SHA512
0bbec4308fc3760bae49c2457bb93ddb042dd9d9230ead26ba2738121fba0495c0c637425f686f6a627b9f801ba097044d3aee889491894def2fdcae67c7d0ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d95c83a87d31630a93adc938c0c4aa22

SHA1
03da83c46ad888899dafbb9ab2df18ca874d7ef6

SHA256
9c5d4390c82c8f80956a65c9dd045e0cd65aa6fc6967469f0091b4a57442bf58

SHA512
f4c130e817b8cbfc47d04afbb0f5a91aedd4e04ad92d304ea054926ac828d2544d34d21816c34e896b4487ab4b413e8ccd4d03841f7ebb63f224608396f2b697

Download Submit
C:\Users\Admin\Downloads\nitrogen.zip

Filesize
971KB

MD5
d83d50f746155eab8bba7360c1d08db2

SHA1
0eadce9c3a4b9706e0fbb9bf02840a1fa1789591

SHA256
f9fb3791423cfac10717fd61c6b0e98aa8d852ee6adef9228878ce59336f12c9

SHA512
084e1a56c55a3fe317ccfe289ab8035de4778ede35ab0fb66ecd99ab72d871a7271ff482a6145bd476cc6f2950a95f16daab6e796e5d04c2ff69d9bb250245d3

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Response

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response